
Solved All Programs list empty

Discussion in 'Malware and Virus Removal Archive' started by Whiskeyman, 2011/06/22.

  1. 2011/06/22
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    [Resolved] All Programs list empty

    I have no idea what my niece clicked on, but her Programs list is empty. Her program icons are also missing from the Desktop. It took me a while just to get MBAM installed and run. Here are the logs.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6920

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/22/2011 2:41:31 PM
    mbam-log-2011-06-22 (14-41-31).txt

    Scan type: Quick scan
    Objects scanned: 213417
    Time elapsed: 14 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EkqCjRSTlvQ (Rogue.Agent.SA) -> Value: EkqCjRSTlvQ -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
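The MBAM log above reports one autostart value under HKCU\...\Run and three Explorer policy restrictions (wallpaper lock, hidden desktop, Task Manager disabled) that were set to 1 and reset to 0. The parser below, an added example and not code from the thread or from Malwarebytes, extracts those findings from MBAM 1.x log lines, separates persistence entries from policy restrictions, and emits the equivalent reg.exe commands plus the HKLM counterparts of each policy value that the log did not cover. The sample log is constructed from the registry lines posted above; the REG_DWORD type and the assumption that every "Bad/Good" value is a DWORD are mine, not stated in the log.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and classify its registry findings."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the registry sections of an MBAM 1.x log, using the
# entry lines posted in the thread (other sections of a real log are skipped).
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EkqCjRSTlvQ (Rogue.Agent.SA) -> Value: EkqCjRSTlvQ -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# path (detection) -> detail -> action ; detail is "Value: X" or "Bad: (b) Good: (g)"
ENTRY_RE = re.compile(r"^(?P<path>HKEY_[A-Z_]+\\.+?) \((?P<detection>[^()]+)\) -> (?P<detail>.*?) -> (?P<action>.+)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")


@dataclass
class Finding:
    section: str
    path: str          # full registry path; the last component is the value name
    detection: str     # MBAM detection name, e.g. PUM.Hidden.Desktop
    action: str
    bad: Optional[str] = None    # data MBAM found (data-item findings only)
    good: Optional[str] = None   # data MBAM restored

    @property
    def key(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def value_name(self) -> str:
        return self.path.rsplit("\\", 1)[1]

    @property
    def is_policy_restriction(self) -> bool:
        return "\\policies\\" in self.path.lower()

    @property
    def is_autostart(self) -> bool:
        return re.search(r"\\currentversion\\run(once)?\\", self.path.lower()) is not None


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current 'X Infected:' section."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Only registry sections carry HKEY paths; skip blanks and "(No malicious items detected)".
        if not section or not section.startswith("Registry") or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # leave lines we do not understand alone rather than guess
        f = Finding(section, m.group("path"), m.group("detection"), m.group("action").strip())
        bg = BAD_GOOD_RE.match(m.group("detail"))
        if bg:
            f.bad, f.good = bg.group("bad"), bg.group("good")
        findings.append(f)
    return findings


def classify(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Persistence (Run/RunOnce values) vs. Explorer policy restrictions vs. everything else."""
    groups: Dict[str, List[Finding]] = {"autostart": [], "policy_restriction": [], "other": []}
    for f in findings:
        if f.is_autostart:
            groups["autostart"].append(f)
        elif f.is_policy_restriction:
            groups["policy_restriction"].append(f)
        else:
            groups["other"].append(f)
    return groups


def reg_commands(findings: List[Finding]) -> List[str]:
    """reg.exe equivalents of what the log says MBAM did. Assumption: numeric
    Bad/Good values are REG_DWORD policy flags (the log does not state the type)."""
    cmds: List[str] = []
    for f in findings:
        if f.good is not None and f.good.isdigit():
            cmds.append(f'reg add "{f.key}" /v {f.value_name} /t REG_DWORD /d {f.good} /f')
        elif f.is_autostart:
            cmds.append(f'reg delete "{f.key}" /v {f.value_name} /f')
    return cmds


def hklm_counterparts(findings: List[Finding]) -> List[str]:
    """Machine-wide (HKLM) paths for each per-user policy finding; MBAM's per-user
    hits say nothing about these, so they are worth checking by hand."""
    return [f.path.replace("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", 1)
            for f in findings if f.is_policy_restriction and f.path.startswith("HKEY_CURRENT_USER")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for name, items in classify(found).items():
        print(name, [f.value_name for f in items])
    print("\n".join(reg_commands(found)))
    print("\n".join(hklm_counterparts(found)))
```

Two things the grouping makes visible. All four hits are under HKEY_CURRENT_USER, so they only describe the profile the scan ran in (monica); another account on the same machine would need its own scan or a look at its own Policies keys. And NoDesktop (PUM.Hidden.Desktop) is consistent with the missing desktop icons the poster describes, but nothing in this log accounts for the empty All Programs list, so that symptom is still unexplained at this point in the thread.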
     
  2. 2011/06/22
    Whiskeyman
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-22 19:02:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160815AS rev.4.ADA
    Running: 0gqce2p6.exe; Driver: C:\DOCUME~1\monica\LOCALS~1\Temp\fwdyapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8965380, 0x300577, 0xE8000020]

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 22101

    ---- EOF - GMER 1.0.15 ----
     


  4. 2011/06/22
    Whiskeyman
    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-22 19:05:21
    -----------------------------
    19:05:21.424 OS Version: Windows 5.1.2600 Service Pack 3
    19:05:21.424 Number of processors: 1 586 0x7F02
    19:05:21.424 ComputerName: DCK7T3G1 UserName: monica
    19:05:22.035 Initialize success
    19:05:45.218 AVAST engine download error: 0
    19:06:00.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    19:06:00.330 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
    19:06:02.383 Disk 0 MBR read successfully
    19:06:02.383 Disk 0 MBR scan
    19:06:02.383 Disk 0 Windows XP default MBR code
    19:06:04.426 Disk 0 scanning sectors +312496380
    19:06:04.516 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:06:23.854 Service scanning
    19:06:24.935 Disk 0 trace - called modules:
    19:06:24.945 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:06:24.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa84ab8]
    19:06:24.945 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8ab50f18]
    19:06:24.945 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8aafad98]
    19:06:24.945 Scan finished successfully
    19:06:37.664 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\monica\Desktop\MBR.dat "
    19:06:37.664 The log file has been saved successfully to "C:\Documents and Settings\monica\Desktop\aswMBR.txt "
     
  5. 2011/06/22
    Whiskeyman
    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by monica at 19:08:17 on 2011-06-22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1451 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
    uSearch Bar = hxxp://www.google.com/ie
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: AutorunsDisabled - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1157609 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.pbs.org/wgbh/evolution/sex/guppy/ed_pop.html "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] nwiz.exe /install
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Clique Cam 326
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\monica\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\monica\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxps://project.rbrooks.com/ProjectServer/objects/pjclient.cab
    DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxps://project.rbrooks.com/ProjectServer/objects/1033/pjcintl.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl165f25dc;MpKsl165f25dc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{854bb174-3680-4eb6-b875-37266b1d8ec8}\MpKsl165f25dc.sys [2011-6-22 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 MpKslf531e263;MpKslf531e263;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd378c13-3eea-4e93-9226-97c1791dd310}\mpkslf531e263.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd378c13-3eea-4e93-9226-97c1791dd310}\MpKslf531e263.sys [?]
    S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2008-8-21 1240576]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-27 39984]
    S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
    S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\rkpavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
    S3 ZSMC302;Clique Cam 326;c:\windows\system32\drivers\usbvm302.sys [2011-4-18 90513]
    .
    =============== Created Last 30 ================
    .
    2011-06-22 23:07:45 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{854bb174-3680-4eb6-b875-37266b1d8ec8}\MpKsl165f25dc.sys
    2011-06-22 23:07:35 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{854bb174-3680-4eb6-b875-37266b1d8ec8}\mpengine.dll
    2011-06-21 19:00:55 -------- d-----w- c:\documents and settings\monica\local settings\application data\Opera
    2011-06-21 04:21:37 -------- d-----w- c:\windows\PIF
    2011-06-21 04:05:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-16 07:05:42 -------- d--h--w- c:\windows\SxsCaPendDel
    2011-06-09 08:15:32 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-26 01:32:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-05-26 01:32:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ---ha-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ---ha-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ---ha-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 19:08:41.88 ===============
     
  6. 2011/06/22
    Whiskeyman
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/1/2008 9:47:35 AM
    System Uptime: 6/22/2011 3:18:07 PM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Sempron(tm) Processor LE-1300 | Socket AM2 | 2310/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 55.112 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP628: 3/24/2011 4:09:28 PM - Software Distribution Service 3.0
    RP629: 3/25/2011 7:06:11 AM - Software Distribution Service 3.0
    RP630: 3/25/2011 8:33:12 PM - Software Distribution Service 3.0
    RP631: 3/26/2011 9:04:02 PM - System Checkpoint
    RP632: 3/26/2011 10:05:04 PM - Software Distribution Service 3.0
    RP633: 3/27/2011 10:31:13 PM - Software Distribution Service 3.0
    RP634: 3/28/2011 2:17:29 AM - Software Distribution Service 3.0
    RP635: 3/28/2011 10:52:33 PM - Software Distribution Service 3.0
    RP636: 3/29/2011 11:16:48 PM - System Checkpoint
    RP637: 3/30/2011 10:53:02 PM - Software Distribution Service 3.0
    RP638: 4/1/2011 5:32:09 AM - System Checkpoint
    RP639: 4/1/2011 10:53:46 PM - Software Distribution Service 3.0
    RP640: 4/2/2011 2:17:37 AM - Software Distribution Service 3.0
    RP641: 4/3/2011 4:59:24 AM - System Checkpoint
    RP642: 4/4/2011 1:52:59 AM - Software Distribution Service 3.0
    RP643: 4/4/2011 5:01:50 PM - Software Distribution Service 3.0
    RP644: 4/5/2011 1:51:59 AM - Software Distribution Service 3.0
    RP645: 4/5/2011 5:02:23 PM - Software Distribution Service 3.0
    RP646: 4/6/2011 1:51:48 AM - Software Distribution Service 3.0
    RP647: 4/6/2011 5:02:09 PM - Software Distribution Service 3.0
    RP648: 4/7/2011 5:02:57 PM - Software Distribution Service 3.0
    RP649: 4/8/2011 5:02:51 PM - Software Distribution Service 3.0
    RP650: 4/9/2011 8:48:33 PM - System Checkpoint
    RP651: 4/10/2011 10:39:43 PM - System Checkpoint
    RP652: 4/11/2011 10:13:51 AM - Software Distribution Service 3.0
    RP653: 4/12/2011 10:13:01 AM - Software Distribution Service 3.0
    RP654: 4/13/2011 10:13:40 AM - Software Distribution Service 3.0
    RP655: 4/14/2011 3:00:23 AM - Software Distribution Service 3.0
    RP656: 4/15/2011 5:36:49 AM - System Checkpoint
    RP657: 4/16/2011 6:05:50 AM - System Checkpoint
    RP658: 4/17/2011 2:35:19 AM - Software Distribution Service 3.0
    RP659: 4/18/2011 8:20:08 AM - Software Distribution Service 3.0
    RP660: 4/18/2011 9:48:39 AM - Installed Clique Cam 326
    RP661: 4/18/2011 9:51:11 AM - Unsigned driver install
    RP662: 4/19/2011 5:24:37 PM - Software Distribution Service 3.0
    RP663: 4/20/2011 6:58:12 PM - System Checkpoint
    RP664: 4/20/2011 8:24:09 PM - Software Distribution Service 3.0
    RP665: 4/22/2011 7:12:55 AM - Software Distribution Service 3.0
    RP666: 4/22/2011 7:23:15 AM - Software Distribution Service 3.0
    RP667: 4/23/2011 2:01:59 AM - Software Distribution Service 3.0
    RP668: 4/24/2011 3:38:14 AM - Software Distribution Service 3.0
    RP669: 4/25/2011 4:08:14 AM - Software Distribution Service 3.0
    RP670: 4/25/2011 11:25:54 AM - Software Distribution Service 3.0
    RP671: 4/26/2011 2:01:55 AM - Software Distribution Service 3.0
    RP672: 4/27/2011 6:50:25 AM - Software Distribution Service 3.0
    RP673: 4/27/2011 7:02:41 AM - Software Distribution Service 3.0
    RP674: 4/28/2011 2:02:14 AM - Software Distribution Service 3.0
    RP675: 4/29/2011 2:02:25 AM - Software Distribution Service 3.0
    RP676: 4/30/2011 2:02:01 AM - Software Distribution Service 3.0
    RP677: 4/30/2011 11:26:12 AM - Software Distribution Service 3.0
    RP678: 5/1/2011 11:28:43 AM - System Checkpoint
    RP679: 5/1/2011 7:49:46 PM - Software Distribution Service 3.0
    RP680: 5/2/2011 11:25:55 AM - Software Distribution Service 3.0
    RP681: 5/3/2011 2:01:46 AM - Software Distribution Service 3.0
    RP682: 5/4/2011 7:23:25 AM - Software Distribution Service 3.0
    RP683: 5/5/2011 2:02:32 AM - Software Distribution Service 3.0
    RP684: 5/5/2011 11:26:06 AM - Software Distribution Service 3.0
    RP685: 5/6/2011 12:04:41 PM - System Checkpoint
    RP686: 5/6/2011 12:21:00 PM - Software Distribution Service 3.0
    RP687: 5/7/2011 11:26:37 AM - Software Distribution Service 3.0
    RP688: 5/8/2011 11:33:30 AM - System Checkpoint
    RP689: 5/8/2011 7:01:57 PM - Software Distribution Service 3.0
    RP690: 5/9/2011 9:43:52 PM - Software Distribution Service 3.0
    RP691: 5/10/2011 9:49:09 PM - Software Distribution Service 3.0
    RP692: 5/11/2011 6:21:01 PM - Software Distribution Service 3.0
    RP693: 5/12/2011 2:02:14 AM - Software Distribution Service 3.0
    RP694: 5/13/2011 2:02:24 AM - Software Distribution Service 3.0
    RP695: 5/14/2011 2:10:09 AM - Software Distribution Service 3.0
    RP696: 5/15/2011 1:37:49 AM - Software Distribution Service 3.0
    RP697: 5/16/2011 2:06:25 AM - System Checkpoint
    RP698: 5/16/2011 9:13:56 AM - Software Distribution Service 3.0
    RP699: 5/17/2011 9:09:07 AM - Software Distribution Service 3.0
    RP700: 5/18/2011 2:11:41 AM - Software Distribution Service 3.0
    RP701: 5/19/2011 1:52:20 AM - Software Distribution Service 3.0
    RP702: 5/20/2011 7:36:21 AM - Software Distribution Service 3.0
    RP703: 5/21/2011 7:47:38 AM - Software Distribution Service 3.0
    RP704: 5/23/2011 7:08:16 PM - Software Distribution Service 3.0
    RP705: 5/24/2011 8:15:19 PM - Software Distribution Service 3.0
    RP706: 5/25/2011 8:52:19 PM - Software Distribution Service 3.0
    RP707: 5/26/2011 2:53:24 PM - Removed Apple Application Support
    RP708: 5/26/2011 11:32:33 PM - Software Distribution Service 3.0
    RP709: 5/28/2011 8:15:33 AM - Software Distribution Service 3.0
    RP710: 5/29/2011 9:11:31 AM - System Checkpoint
    RP711: 5/29/2011 3:33:05 PM - Software Distribution Service 3.0
    RP712: 5/29/2011 8:51:55 PM - Software Distribution Service 3.0
    RP713: 5/30/2011 8:52:21 PM - Software Distribution Service 3.0
    RP714: 5/31/2011 8:52:20 PM - Software Distribution Service 3.0
    RP715: 6/1/2011 8:52:35 PM - Software Distribution Service 3.0
    RP716: 6/2/2011 8:53:47 PM - Software Distribution Service 3.0
    RP717: 6/3/2011 1:39:31 AM - Software Distribution Service 3.0
    RP718: 6/3/2011 8:54:06 PM - Software Distribution Service 3.0
    RP719: 6/4/2011 10:00:34 PM - System Checkpoint
    RP720: 6/5/2011 8:17:05 AM - Software Distribution Service 3.0
    RP721: 6/6/2011 8:23:14 AM - Software Distribution Service 3.0
    RP722: 6/7/2011 8:36:37 AM - System Checkpoint
    RP723: 6/7/2011 12:05:00 PM - Software Distribution Service 3.0
    RP724: 6/8/2011 1:40:00 AM - Software Distribution Service 3.0
    RP725: 6/9/2011 1:40:59 AM - Software Distribution Service 3.0
    RP726: 6/10/2011 1:37:08 AM - Software Distribution Service 3.0
    RP727: 6/10/2011 5:53:52 PM - Software Distribution Service 3.0
    RP728: 6/11/2011 7:51:45 PM - System Checkpoint
    RP729: 6/12/2011 8:06:24 PM - System Checkpoint
    RP730: 6/13/2011 7:00:46 AM - Software Distribution Service 3.0
    RP731: 6/14/2011 7:49:56 AM - Software Distribution Service 3.0
    RP732: 6/14/2011 5:54:01 PM - Software Distribution Service 3.0
    RP733: 6/15/2011 8:54:57 PM - System Checkpoint
    RP734: 6/16/2011 1:34:48 AM - Software Distribution Service 3.0
    RP735: 6/16/2011 3:00:24 AM - Software Distribution Service 3.0
    RP736: 6/17/2011 1:32:24 AM - Software Distribution Service 3.0
    RP737: 6/18/2011 7:30:28 AM - Software Distribution Service 3.0
    RP738: 6/19/2011 9:27:22 AM - Software Distribution Service 3.0
    RP739: 6/20/2011 9:43:20 AM - System Checkpoint
    RP740: 6/20/2011 10:49:29 AM - Software Distribution Service 3.0
    RP741: 6/21/2011 12:18:21 AM - Installed Java(TM) 6 Update 26
    RP742: 6/21/2011 2:13:18 AM - Software Distribution Service 3.0
    RP743: 6/22/2011 7:38:39 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    5500
    5500_Help
    5500Tour
    5500Trb
    7-Zip 4.65
    Adobe Download Managerjacobc.
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AiO_Scan
    AiOSoftware
    Apple Software Update
    BufferChm
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon Utilities Digital Photo Professional 3.8
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    CCScore
    Clique Cam 326
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copy
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CyberLink MediaShow
    Dell Driver Reset Tool
    Dell Resource CD
    Dell Support Center (Support Software)
    Destinations
    Director
    DocProc
    Documentation & Support Launcher
    DocumentViewer
    Download Updater (AOL LLC)
    Easy-Link internet launch pad
    ERUNT 1.1j
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Fax
    Fisher-Price Computer Cool School
    Fisher-Price Dora and Diego's Classroom
    Fisher-Price Leo and the Dinosaurs
    Fisher-Price Scooby-Doo's Classroom
    Fisher-Price SpongeBob's Classroom
    Foxit Reader
    Games, Music, & Photos Launcher
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP PSC & OfficeJet 4.2
    HP Software Update
    HP Update
    HPSystemDiagnostics
    InstantShare
    Java Auto Updater
    Java(TM) 6 Update 26
    jv16 PowerTools 1.3
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Linksys EasyLink Advisor 1.5 (1044)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Outlook Web Access S/MIME (2007)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    neroxml
    netbrdg
    Nikon Message Center
    Nikon Transfer
    Notifier
    NVIDIA Drivers
    OfotoXMI
    OLYMPUS Digital Camera Updater
    OLYMPUS Master 2
    OLYMPUS Studio 2
    OLYMPUS Viewer 2
    Opera 11.11
    Overland
    PCDADDIN
    PCDHELP
    Philips SPC 900NC PC Camera
    Philips VLounge
    PhotoGallery
    Picasa 3
    Picture Control Utility
    PrintScreen
    ProductContext
    QFolder
    QuickProjects
    QuickTime
    Readme
    Realtek High Definition Audio Driver
    Safari
    SAMSUNG Mobile Modem V2 Software
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SkinsHP1
    SKINXSDK
    Skype™ 4.2
    SpywareBlaster 4.4
    staticcr
    SUPERAntiSpyware
    TomTom HOME
    tooltips
    TrayApp
    Trend Micro Internet Security
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Veetle TV 0.9.18
    ViewNX
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.2
    VPRINTOL
    WD Diagnostics
    WebFldrs XP
    WebReg
    Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0)
    Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/22/2011 3:08:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    6/22/2011 2:03:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Lbd MpFilter Processor SASDIFSV SASKUTIL
    6/22/2011 2:02:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001EC9755754 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    6/21/2011 7:46:04 AM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 5/22/2011 7:46:03 AM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
    6/20/2011 4:19:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec Lbd MpFilter MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    6/20/2011 4:19:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/20/2011 4:19:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/20/2011 4:19:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/20/2011 4:18:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/20/2011 4:17:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/20/2011 3:06:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '963368.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    6/20/2011 2:44:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    6/15/2011 7:18:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    6/15/2011 11:43:04 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AD4247F6-EE75-45BC-ACF3-99DC5A78CDFC} because another computer on the network has the same name. The server could not start.
    6/15/2011 11:39:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    6/15/2011 11:39:01 AM, error: Service Control Manager [7000] - The Protexis Licensing V2 service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
     
  7. 2011/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is the result of one of the malwares from the Fake HDD family.

    Your niece is running two AV programs, MSE and TrendMicro.
    One of them has to go.

    Now...

    Let's see if we can recover your missing features.
    Download and run UnHide
     
  8. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    I didn't find any Trend Micro listed in Control Panel or any folders on the C: drive. I ran jv16 and did find some old references to the former Panda install which I removed. I ran UnHide with MSE disabled and SAS uninstalled. The Desktop icons reappeared, the Programs list is repopulated, but the sub-sections of the programs are empty.

    I am headed to dialysis and will be back online about 4 PM EDT.
     
  9. 2011/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if some backup of the missing items is present....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :dir
      %Temp%\smtmp /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  10. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    SystemLook 04.09.10 by jpshortstuff
    Log created at 17:20 on 23/06/2011 by monica
    Administrator - Elevation successful

    ========== dir ==========

    C:\DOCUME~1\monica\LOCALS~1\Temp\smtmp - Unable to find folder.

    -= EOF =-

    I also have a window popping up at Startup with the title AutorunsDisabled.

    I notice a program named Windows XP Repair in the Programs list that I believe is a rogue program.
     
    Last edited: 2011/06/23
  11. 2011/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unfortunately, there is no backup present, so you'll have to recreate missing items manually.
    Instructions: http://www.smartestcomputing.us.com...iles-hiddendeleted-by-windows-recovery-virus/
    (read lower part of "Method 2" starting at:
    If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
    ...then "Method 3" for restoring other shortcuts).
    You can do the above at any time.

    Now....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    ComboFix 11-06-23.01 - monica 06/23/2011 17:55:06.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1444 [GMT -4:00]
    Running from: c:\documents and settings\monica\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
    c:\documents and settings\All Users\Application Data\vlc-1.0.0-win32.exe
    c:\documents and settings\All Users\Application Data\vlc-1.0.1-win32.exe
    c:\documents and settings\All Users\Application Data\vlc-1.1.6-win32.exe
    c:\documents and settings\monica\Start Menu\Programs\Windows XP Repair
    c:\documents and settings\monica\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
    c:\documents and settings\monica\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-23 21:17 . 2011-06-23 21:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\MpKsl12a184da.sys
    2011-06-23 13:04 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\mpengine.dll
    2011-06-21 19:00 . 2011-06-21 19:00 -------- d-----w- c:\documents and settings\monica\Local Settings\Application Data\Opera
    2011-06-21 04:21 . 2011-06-21 04:21 -------- d-----w- c:\windows\PIF
    2011-06-21 04:13 . 2011-06-21 04:13 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Opera
    2011-06-21 04:13 . 2011-06-21 04:14 -------- d-----w- c:\program files\Opera
    2011-06-20 22:08 . 2011-06-20 22:08 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\OLYMPUS
    2011-06-16 07:05 . 2011-06-16 07:40 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-09 08:15 . 2011-06-09 08:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-26 01:38 . 2011-05-26 01:39 -------- d-----w- c:\program files\Safari
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-05-26 01:31 . 2011-05-26 01:32 -------- d-----w- c:\program files\QuickTime
    2011-05-26 01:31 . 2011-05-26 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-07 15:55 . 2010-12-27 23:06 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-29 13:11 . 2009-11-27 18:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-04 08:52 . 2010-05-08 13:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25 . 2010-05-08 13:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
    "PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
    "Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]
    "nwiz"="nwiz.exe" [2008-04-07 1626112]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2009-04-28 491520]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Bill\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\monica\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    .
    R1 MpKsl12a184da;MpKsl12a184da;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\MpKsl12a184da.sys [6/23/2011 5:17 PM 28752]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 MpKslf531e263;MpKslf531e263;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD378C13-3EEA-4E93-9226-97C1791DD310}\MpKslf531e263.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD378C13-3EEA-4E93-9226-97C1791DD310}\MpKslf531e263.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
    S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [8/21/2008 10:04 PM 1240576]
    S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
    S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
    S3 ZSMC302;Clique Cam 326;c:\windows\system32\drivers\usbvm302.sys [4/18/2011 9:48 AM 90513]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL12A184DA
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-06-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{DD1482EE-C5A0-4613-82DF-B847276139C1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.254.254
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxps://project.rbrooks.com/ProjectServer/objects/pjclient.cab
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxps://project.rbrooks.com/ProjectServer/objects/1033/pjcintl.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-23 17:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-06-23 18:00:51
    ComboFix-quarantined-files.txt 2011-06-23 22:00
    .
    Pre-Run: 60,520,075,264 bytes free
    Post-Run: 60,584,988,672 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 0446D4EC7F887ED967AF716AA84F6CCB
     
  13. 2011/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {7D2296BC-32CC-4519-917E-52E652474AF5}
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    ComboFix 11-06-23.01 - monica 06/23/2011 18:23:25.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1393 [GMT -4:00]
    Running from: c:\documents and settings\monica\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\monica\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-23 21:17 . 2011-06-23 21:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\MpKsl12a184da.sys
    2011-06-23 13:04 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\mpengine.dll
    2011-06-21 19:00 . 2011-06-21 19:00 -------- d-----w- c:\documents and settings\monica\Local Settings\Application Data\Opera
    2011-06-21 04:21 . 2011-06-21 04:21 -------- d-----w- c:\windows\PIF
    2011-06-21 04:13 . 2011-06-21 04:13 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Opera
    2011-06-21 04:13 . 2011-06-21 04:14 -------- d-----w- c:\program files\Opera
    2011-06-20 22:08 . 2011-06-20 22:08 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\OLYMPUS
    2011-06-16 07:05 . 2011-06-16 07:40 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-09 08:15 . 2011-06-09 08:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-26 01:38 . 2011-05-26 01:39 -------- d-----w- c:\program files\Safari
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-05-26 01:32 . 2011-05-26 01:32 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-05-26 01:31 . 2011-05-26 01:32 -------- d-----w- c:\program files\QuickTime
    2011-05-26 01:31 . 2011-05-26 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-07 15:55 . 2010-12-27 23:06 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-29 13:11 . 2009-11-27 18:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-04 08:52 . 2010-05-08 13:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25 . 2010-05-08 13:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
    "PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
    "Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]
    "nwiz"="nwiz.exe" [2008-04-07 1626112]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2009-04-28 491520]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Bill\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\monica\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    .
    R1 MpKsl12a184da;MpKsl12a184da;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\MpKsl12a184da.sys [6/23/2011 5:17 PM 28752]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 MpKslf531e263;MpKslf531e263;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD378C13-3EEA-4E93-9226-97C1791DD310}\MpKslf531e263.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD378C13-3EEA-4E93-9226-97C1791DD310}\MpKslf531e263.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
    S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [8/21/2008 10:04 PM 1240576]
    S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
    S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
    S3 ZSMC302;Clique Cam 326;c:\windows\system32\drivers\usbvm302.sys [4/18/2011 9:48 AM 90513]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL12A184DA
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-06-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{DD1482EE-C5A0-4613-82DF-B847276139C1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.254.254
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxps://project.rbrooks.com/ProjectServer/objects/pjclient.cab
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxps://project.rbrooks.com/ProjectServer/objects/1033/pjcintl.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-23 18:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2436)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-06-23 18:27:29
    ComboFix-quarantined-files.txt 2011-06-23 22:27
    ComboFix2.txt 2011-06-23 22:00
    .
    Pre-Run: 60,608,299,008 bytes free
    Post-Run: 60,585,791,488 bytes free
    .
    - - End Of File - - DE2B84E58C199A012B3121892D6969CC
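As an added example that is not part of this thread, ComboFix or OTL: the Python below parses the REGEDIT4-style "Reg Loading Points" section that ComboFix prints (the layout of the log above), flags the Security Center DisableMonitoring and AntiVirusOverride/FirewallOverride values that the CFScript in the previous reply corrects, and emits the matching Registry:: fix block in that script's syntax. SAMPLE_LOG is constructed, not the real log, and every function name is hypothetical.

```python
"""Flag Windows Security Center overrides in a ComboFix 'Reg Loading Points'
section and build the matching CFScript 'Registry::' fix.

Added example for this thread; not part of ComboFix, OTL or any post here.
SAMPLE_LOG is constructed (it mirrors the log's shape, including the stray
space inside a quoted name that the forum rendering introduced); all
function names are hypothetical.
"""
import re
from typing import Dict, List, Optional, Tuple

# Root key the CFScript in this thread repairs; compared case-insensitively.
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Constructed sample in ComboFix's REGEDIT4-style layout (not the real log).
SAMPLE_LOG = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"""


def parse_reg_block(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_data}} from REGEDIT4-style text.

    Lines that are neither a [key] header nor a "name"=data pair (the '.'
    spacers, section banners, Startup-folder listings) are skipped, and a
    trailing space inside a quoted name is stripped.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").strip()
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            name = value_match.group("name").strip()
            keys[current][name] = value_match.group("data").strip()
    return keys


def dword_value(data: str) -> Optional[int]:
    """Decode 'dword:00000001' to an int; None for any other data type."""
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    return None


def security_center_findings(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """List (key, value_name, reason) for settings that silence Security Center.

    DisableMonitoring=1 under a Monitoring subkey hides a product's state;
    AntiVirusOverride/FirewallOverride=1 suppress the 'no protection' alert.
    """
    findings = []
    for key, values in keys.items():
        if not key.lower().startswith(SECURITY_CENTER):
            continue
        for name, data in values.items():
            lname = name.lower()
            if lname == "disablemonitoring" and dword_value(data) == 1:
                findings.append((key, name, "monitoring disabled"))
            elif lname in ("antivirusoverride", "firewalloverride") and dword_value(data) == 1:
                findings.append((key, name, "Security Center alert overridden"))
    return findings


def cfscript_registry_fix(findings: List[Tuple[str, str, str]]) -> str:
    """Emit a ComboFix 'Registry::' block reverting the findings, in the same
    syntax as the CFScript in this thread: =dword:00000000 resets an
    override, =- deletes the DisableMonitoring value."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _reason in findings:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        for name in names:
            if name.lower() == "disablemonitoring":
                lines.append(f'"{name}"=-')
            else:
                lines.append(f'"{name}"=dword:00000000')
    return "\n".join(lines)


if __name__ == "__main__":
    found = security_center_findings(parse_reg_block(SAMPLE_LOG))
    for key, name, reason in found:
        print(f"{reason}: [{key}] {name}")
    print(cfscript_registry_fix(found))
```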
     
  15. 2011/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    The computer is running fine. I will have to restore all of their programs. I have about another hour to use the Internet due to a severe thunderstorm headed this way.

    OTL logfile created on: 6/23/2011 6:37:17 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\monica\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 68.99% Memory free
    3.79 Gb Paging File | 3.38 Gb Available in Paging File | 89.33% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 56.46 Gb Free Space | 37.90% Space Free | Partition Type: NTFS

    Computer Name: DCK7T3G1 | User Name: monica | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/23 18:33:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/28 09:57:26 | 000,491,520 | ---- | M] (Fisher-Price) -- C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
    PRC - [2008/10/10 10:40:56 | 000,538,432 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/10/30 11:01:16 | 000,392,832 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2003/01/21 15:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/06/23 18:33:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (PSI_SVC_2)
    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/23 17:17:00 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0091C229-C631-4BE6-86A3-F0F7A2985A98}\MpKsl12a184da.sys -- (MpKsl12a184da)
    DRV - [2009/08/11 20:03:55 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2008/08/21 18:30:15 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2008/04/06 21:29:10 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/04/06 21:29:08 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/04/06 21:25:40 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
    DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
    DRV - [2004/04/23 19:01:40 | 000,090,513 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
    DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
    FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="



    [2008/10/26 09:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\monica\Application Data\Mozilla\Extensions
    [2010/05/10 09:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\monica\Application Data\Mozilla\Firefox\Profiles\wb83bw4w.default\extensions
    [2009/07/29 09:03:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\monica\Application Data\Mozilla\Firefox\Profiles\wb83bw4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/27 14:36:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\monica\Application Data\Mozilla\Firefox\Profiles\wb83bw4w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/04/07 22:08:13 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\monica\Application Data\Mozilla\Firefox\Profiles\wb83bw4w.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    [2010/04/07 22:09:35 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Mozilla\Firefox\Profiles\wb83bw4w.default\searchplugins\aim-search.xml
    [2010/05/10 09:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/08 09:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/08 09:43:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/05/08 09:43:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/01 20:23:22 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    O1 HOSTS File: ([2011/06/23 17:59:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
    O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
    O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\system32\drivers\Tray900.exe (Philips)
    O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/06/20 15:38:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\monica\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} https://project.rbrooks.com/ProjectServer/objects/pjclient.cab (PjAdoInfo3 Class)
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} https://project.rbrooks.com/ProjectServer/objects/1033/pjcintl.cab (Pj11enuC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/23 18:33:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
    [2011/06/23 17:54:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/06/23 17:50:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/23 17:50:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/23 17:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/23 17:50:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/23 17:50:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/23 17:49:04 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\monica\Desktop\ComboFix.exe
    [2011/06/22 14:48:01 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\monica\Desktop\dds.scr
    [2011/06/22 14:47:36 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
    [2011/06/21 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\Opera
    [2011/06/21 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\Opera
    [2011/06/21 00:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
    [2011/06/21 00:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2011/06/20 16:15:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\monica\Recent
    [2011/06/16 03:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2011/05/25 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011/05/25 21:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/05/25 21:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/05/25 21:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/23 18:38:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DD1482EE-C5A0-4613-82DF-B847276139C1}.job
    [2011/06/23 18:33:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
    [2011/06/23 17:59:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/23 17:54:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/06/23 17:49:14 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\monica\Desktop\ComboFix.exe
    [2011/06/23 17:22:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/23 17:19:25 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\SystemLook.exe
    [2011/06/23 17:16:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/23 17:16:53 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/23 16:34:59 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\iExplore.exe
    [2011/06/23 08:24:37 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\unhide.exe
    [2011/06/22 19:36:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/22 19:06:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
    [2011/06/22 12:36:10 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\monica\Desktop\dds.scr
    [2011/06/22 12:35:44 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
    [2011/06/22 12:34:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\0gqce2p6.exe
    [2011/06/21 00:23:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/21 00:13:19 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2011/06/20 15:38:23 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628
    [2011/06/20 15:38:23 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628r
    [2011/06/20 15:38:17 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17358628
    [2011/06/17 15:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/06/16 03:23:40 | 000,442,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/16 03:23:40 | 000,072,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/30 19:19:50 | 011,015,168 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/23 17:54:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/06/23 17:54:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/06/23 17:50:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/23 17:50:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/23 17:50:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/23 17:50:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/23 17:50:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/23 17:19:23 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\SystemLook.exe
    [2011/06/23 16:34:57 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\iExplore.exe
    [2011/06/23 08:24:35 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\unhide.exe
    [2011/06/22 19:06:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\MBR.dat
    [2011/06/22 15:18:32 | 2078,789,632 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/22 14:47:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\0gqce2p6.exe
    [2011/06/21 00:23:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/21 00:13:19 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
    [2011/06/21 00:13:19 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2011/06/20 15:38:23 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17358628
    [2011/06/20 15:38:23 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17358628r
    [2011/06/20 15:38:17 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17358628
    [2011/04/18 09:48:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
    [2010/11/05 21:28:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/03/27 20:54:04 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/03/27 20:54:04 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8726367279.sys
    [2009/08/11 20:09:28 | 000,001,710 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/08/11 20:09:27 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009/07/25 10:30:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/03/16 08:06:49 | 000,035,036 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/03/05 07:51:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/10 14:03:56 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2008/12/20 20:19:31 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/11/06 08:54:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/08/24 11:51:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/08/21 22:04:45 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
    [2008/08/21 22:04:45 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
    [2008/08/19 05:36:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/08/03 21:17:01 | 000,000,188 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
    [2008/08/03 20:21:43 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Treble Reduction
    [2008/08/03 20:21:43 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\monica\Application Data\Themes
    [2008/08/03 20:21:43 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2008/08/03 20:13:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Trance Pad
    [2008/08/03 20:13:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\monica\Application Data\Templates
    [2008/08/03 20:13:54 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2008/07/28 07:36:31 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/08 14:40:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/06/16 20:38:58 | 000,776,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
    [2008/06/15 15:51:55 | 000,104,587 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
    [2008/06/15 15:51:55 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
    [2008/06/02 07:53:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\monica\Application Data\wklnhst.dat
    [2008/06/01 15:44:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\fusioncache.dat
    [2008/06/01 10:06:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/04/19 07:40:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/04/19 07:34:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/04/19 07:05:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/04/19 07:05:47 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/04/19 07:05:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/04/19 07:05:46 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/04/19 07:05:46 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2008/04/19 07:05:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/04/19 07:05:45 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/04/19 07:05:45 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/04/19 07:05:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/04/19 07:05:42 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/04/19 07:05:41 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/04/19 07:04:20 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 12:57:15 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 12:51:20 | 000,442,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 12:51:20 | 000,072,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2008/08/03 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
    [2008/08/03 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/02/13 10:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price
    [2009/07/30 07:52:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
    [2008/08/03 20:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2011/04/13 21:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
    [2008/04/19 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2011/06/22 19:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2008/07/08 19:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/04/05 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/08/03 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2008/04/19 07:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2008/11/05 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nikon
    [2011/06/21 00:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
    [2008/12/03 09:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Skinux
    [2008/10/16 09:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template
    [2008/07/08 19:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TomTom
    [2009/10/11 23:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/04/13 20:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
    [2009/08/01 20:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Foxit
    [2009/08/31 08:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\iLike
    [2008/08/03 20:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Nikon
    [2011/06/21 15:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Opera
    [2008/11/28 13:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Skinux
    [2008/06/02 07:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Template
    [2008/07/31 13:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
    [2011/06/23 17:22:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/06/23 18:38:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DD1482EE-C5A0-4613-82DF-B847276139C1}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/22 19:36:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/23 17:54:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/23 18:27:29 | 000,011,297 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/04/19 07:07:40 | 000,006,925 | R--- | M] () -- C:\dell.sdr
    [2011/06/23 17:16:53 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
    [2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
    [2008/06/01 10:09:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2010/04/07 22:07:43 | 000,001,572 | ---- | M] () -- C:\IPH.PH
    [2010/03/07 20:22:38 | 000,001,305 | ---- | M] () -- C:\JavaRa.log
    [2010/04/05 17:15:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/19 19:10:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/06/23 17:16:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/23 16:35:41 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2009/08/02 12:02:36 | 000,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-02-36).txt
    [2009/08/02 12:31:01 | 000,003,296 | ---- | M] () -- C:\RootRepeal report 08-02-09 (12-31-01).txt
    [2008/04/19 07:36:40 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2010/12/25 18:47:20 | 000,047,812 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_25.12.2010_17.46.46_log.txt
    [2008/06/15 16:01:41 | 000,002,553 | ---- | M] () -- C:\_Sid.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/22 12:34:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\0gqce2p6.exe
    [2011/06/22 12:35:44 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\monica\Desktop\aswMBR.exe
    [2011/06/23 17:49:14 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\monica\Desktop\ComboFix.exe
    [2011/06/23 16:34:59 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\iExplore.exe
    [2011/06/23 18:33:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
    [2011/06/23 17:19:25 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\SystemLook.exe
    [2011/06/23 08:24:37 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/10/13 21:50:27 | 001,359,872 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\monica\My Documents\Converter.exe
    [2010/09/14 17:52:48 | 055,829,904 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Documents and Settings\monica\My Documents\OV2Setup.exe
    [2009/07/28 21:16:09 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\monica\My Documents\R92578.EXE
    [2009/03/14 11:40:18 | 002,267,944 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\monica\My Documents\SkypeSetup(2).exe
    [2009/03/13 19:08:05 | 002,267,944 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\monica\My Documents\SkypeSetup.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/09/19 20:43:18 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\monica\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/06/23 18:26:58 | 000,393,216 | -HS- | M] () -- C:\Documents and Settings\monica\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5C321E34

    < End of report >
     
  17. 2011/06/23
    Whiskeyman Thread Starter

    OTL Extras logfile created on: 6/23/2011 6:37:17 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\monica\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 68.99% Memory free
    3.79 Gb Paging File | 3.38 Gb Available in Paging File | 89.33% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 56.46 Gb Free Space | 37.90% Space Free | Partition Type: NTFS

    Computer Name: DCK7T3G1 | User Name: monica | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
    "1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0F92D4CE-8D3C-48FE-89C9-5CB7C02F8FB0}" = Fisher-Price Leo and the Dinosaurs
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
    "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
    "{3C19B361-C9E5-4D9C-99AA-CF039CE7F96E}" = Microsoft Outlook Web Access S/MIME (2007)
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
    "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
    "{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
    "{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad
    "{5EA24DA8-F398-42C7-8CDC-39273493C514}" = Clique Cam 326
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{643CC22D-0994-41A8-ACE8-CF11A2ACDC1C}" = OLYMPUS Viewer 2
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
    "{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
    "{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
    "{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
    "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
    "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
    "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
    "1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
    "2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0)
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "DPP" = Canon Utilities Digital Photo Professional 3.8
    "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)
    "EOS Utility" = Canon Utilities EOS Utility
    "ERUNT_is1" = ERUNT 1.1j
    "Foxit Reader" = Foxit Reader
    "HP Photo & Imaging" = HP Image Zone 4.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0F92D4CE-8D3C-48FE-89C9-5CB7C02F8FB0}" = Fisher-Price Leo and the Dinosaurs
    "InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
    "InstallShield_{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}" = Fisher-Price SpongeBob's Classroom
    "InstallShield_{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
    "jv16 PowerTools_is1" = jv16 PowerTools 1.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.11.2109" = Opera 11.11
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "TomTom HOME" = TomTom HOME
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VLC media player 0.9.2
    "WFTK" = Canon Utilities WFT Utility
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1216478575-1639340339-3823283540-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 4:22:01 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/21/2011 12:11:57 AM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 8:42:39 AM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 5:17:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 5:17:34 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    [ Application Events ]
    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 3:04:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/20/2011 4:22:01 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/21/2011 12:11:57 AM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 8:42:39 AM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 5:17:31 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    Error - 6/23/2011 5:17:34 PM | Computer Name = DCK7T3G1 | Source = nview_info | ID = 11141121
    Description =

    [ System Events ]
    Error - 6/23/2011 8:37:32 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 6/23/2011 8:42:02 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7000
    Description = The Protexis Licensing V2 service failed to start due to the following
    error: %%3

    Error - 6/23/2011 8:42:19 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SASDIFSV SASKUTIL

    Error - 6/23/2011 8:43:03 AM | Computer Name = DCK7T3G1 | Source = System Error | ID = 1003
    Description = Error code 100000ce, parameter1 b6616620, parameter2 00000008, parameter3
    b6616620, parameter4 00000000.

    Error - 6/23/2011 9:06:44 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7000
    Description = The Protexis Licensing V2 service failed to start due to the following
    error: %%3

    Error - 6/23/2011 9:06:51 AM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SASDIFSV SASKUTIL

    Error - 6/23/2011 3:51:41 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7000
    Description = The Protexis Licensing V2 service failed to start due to the following
    error: %%3

    Error - 6/23/2011 3:51:52 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SASDIFSV SASKUTIL

    Error - 6/23/2011 5:17:22 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7000
    Description = The Protexis Licensing V2 service failed to start due to the following
    error: %%3

    Error - 6/23/2011 5:17:29 PM | Computer Name = DCK7T3G1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SASDIFSV SASKUTIL


    < End of report >
     
  18. 2011/06/23
    broni (Moderator, Malware Analyst)
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
      IE - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-1216478575-1639340339-3823283540-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/06/20 15:38:23 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628
      [2011/06/20 15:38:23 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628r
      [2011/06/20 15:38:17 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17358628
      [2010/03/27 20:54:04 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
      [2010/03/27 20:54:04 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8726367279.sys
      [2008/07/31 13:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5C321E34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. 2011/06/23
    Whiskeyman (Thread Starter)
    All processes killed
    ========== OTL ==========
    Error: No service named getPlusHelper) getPlus(R was found to stop!
    Service\Driver key getPlusHelper) getPlus(R not found.
    Registry value HKEY_USERS\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1216478575-1639340339-3823283540-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\All Users\Application Data\~17358628 moved successfully.
    C:\Documents and Settings\All Users\Application Data\~17358628r moved successfully.
    C:\Documents and Settings\All Users\Application Data\17358628 moved successfully.
    C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\8726367279.sys moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\monica\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Temp:5C321E34 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Bill
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 37131450 bytes
    ->Opera cache emptied: 1651919 bytes
    ->Flash cache emptied: 2058 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1600 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 878 bytes

    User: monica
    ->Temp folder emptied: 587497 bytes
    ->Temporary Internet Files folder emptied: 10360744 bytes
    ->Java cache emptied: 54428 bytes
    ->FireFox cache emptied: 34916967 bytes
    ->Apple Safari cache emptied: 14336 bytes
    ->Opera cache emptied: 9372477 bytes
    ->Flash cache emptied: 747 bytes

    User: NetworkService
    ->Temp folder emptied: 1234 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 750 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 806 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 90.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Bill
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: monica
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.1 log created on 06232011_190229

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2011/06/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    I need to dig out the Trend Micro **** and get rid of it.

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Trend Micro Internet Security
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.1.51.95
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  21. 2011/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Perfect!

    Eset....
     