laralara

Posts posted by laralara

  1. ========== OTL ==========

    Service Ftdippk2sacs stopped successfully!

    Service Ftdippk2sacs deleted successfully!

    Service WDICA stopped successfully!

    Service WDICA deleted successfully!

    Service sfsync04 stopped successfully!

    Service sfsync04 deleted successfully!

    File System32\drivers\sfsync04.sys not found.

    Service PDRFRAME stopped successfully!

    Service PDRFRAME deleted successfully!

    Service PDRELI stopped successfully!

    Service PDRELI deleted successfully!

    Service PDFRAME stopped successfully!

    Service PDFRAME deleted successfully!

    Service PDCOMP stopped successfully!

    Service PDCOMP deleted successfully!

    Service PCIDump stopped successfully!

    Service PCIDump deleted successfully!

    Service MRENDIS5 stopped successfully!

    Service MRENDIS5 deleted successfully!

    File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.

    Service MREMPR5 stopped successfully!

    Service MREMPR5 deleted successfully!

    File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.

    Service lbrtfdc stopped successfully!

    Service lbrtfdc deleted successfully!

    Service i2omgmt stopped successfully!

    Service i2omgmt deleted successfully!

    Service Changer stopped successfully!

    Service Changer deleted successfully!

    Service catchme stopped successfully!

    Service catchme deleted successfully!

    File C:\ComboFix\catchme.sys not found.

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 12182012_122428

  2. I ran disc clean-up yesterday and this morning when I booted, it was fine. Turned off the computer and then booted it this afternoon, and the dreaded error code 2 showed up again. I hate bothering you all the time about this...

    Is there any way to start Malwarebytes after Windows has started? Otherwise I'd have to always remember to disable it before I power off and then start it after the computer boots, or I'll just have to wait 7-8 minutes for the computer to boot.

  3. "Silent Runners.vbs", revision 64, http://www.silentrunners.org/

    Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [Yahoo! Inc.]

    Search Protection = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [Yahoo! Inc]

    OfficeSyncProcess = "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [MS]

    GoogleDriveSync = "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [Google]

    12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run = "C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service [Google Inc.]

    MusicManager = "C:\Documents and Settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [Google Inc.]

    GoogleChromeAutoLaunch_65B68F2A14D8870A2AE39DA3D9784B74 = "C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --no-startup-window [Google Inc.]

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    Communicator = "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [MS]

    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.]

    TkBellExe = "C:\program files\real\realplayer\update\realsched.exe" -osboot [RealNetworks, Inc.]

    SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]

    00PCTFW = "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s [PC Tools]

    MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]

    NBAgent = "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [Nero AG]

    Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

    -> {HKLM…CLSID} = &Yahoo! Toolbar Helper

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [Yahoo! Inc.]

    {11111111-1111-1111-1111-110011441193}\(Default) = CrossriderApp0004493

    -> {HKLM…CLSID} = Coupon Companion

    \InProcServer32\(Default) = C:\Program Files\Coupon Companion\Coupon Companion.dll [215 Apps]

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

    -> {HKLM…CLSID} = Adobe PDF Link Helper

    \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

    {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)

    -> {HKLM…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer

    \InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer]

    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync add-on BHO

    -> {HKLM…CLSID} = Lync Browser Helper

    \InProcServer32\(Default) = C:\Program Files\Microsoft Lync\OCHelper.dll [MS]

    {326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5 <video>

    -> {HKLM…CLSID} = DivX Plus Web Player HTML5 <video>

    \InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX, LLC]

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Yahoo! IE Services Button

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! Inc.]

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Groove GFS Browser Helper

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Java Plug-In SSV Helper

    \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Windows Live Sign-in Helper

    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Google Toolbar Helper

    \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Google Toolbar Notifier BHO

    \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

    -> {HKLM…CLSID} = Office Document Cache Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [MS]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

    -> {HKLM…CLSID} = Java Plug-In 2 SSV Helper

    \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

    {EAD3A971-6A23-4246-8691-C9244E858967}\(Default) = (no title provided)

    -> {HKLM…CLSID} = OToolbarHelper Class

    \InProcServer32\(Default) = C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [null data]

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\(Default) = (no title provided)

    -> {HKLM…CLSID} = SingleInstance Class

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll [Yahoo! Inc]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}

    -> {HKLM…CLSID} = Google Drive Shell extension

    \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]

    GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}

    -> {HKLM…CLSID} = Google Drive Shell extension

    \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]

    GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}

    -> {HKLM…CLSID} = Google Drive Shell extension

    \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]

    GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}

    -> {HKLM…CLSID} = Google Drive Shell extension

    \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]

    Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext

    -> {HKLM…CLSID} = HyperTerminal Icon Ext

    \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

    {BAB66DEA-6E13-473b-AA5A-B4172418F54B} = Firehand Ember Thumbnail Icon Generator

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = C:\Program Files\Firehand Technologies\Ember\fhndicon.dll [Firehand Technologies Corporation]

    {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler

    -> {HKLM…CLSID} = NeroDigitalIconHandler Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler

    -> {HKLM…CLSID} = NeroDigitalPropSheetHandler Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {5464D816-CF16-4784-B9F3-75C0DB52B499} = Yahoo! Mail

    -> {HKLM…CLSID} = Yahoo! Mail Shell Extension

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Common\YMMAPI.dll [Yahoo! Inc.]

    {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension

    -> {HKLM…CLSID} = 7-Zip Shell Extension

    \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

    {1530F7EE-5128-43BD-9977-84A4B0FAD7DF} = PhotoToys

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = C:\WINDOWS\system32\phototoys.dll [MS]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {6F5D5D75-8A92-45A8-9EB7-59CB44C8C6A2} = My Replica

    -> {HKLM…CLSID} = My Replica

    \InProcServer32\(Default) = C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~2.DLL [Seagate Technology LLC]

    {41219729-53A7-4BFA-860D-3C07701A7367} = CRebitInfotipExt

    -> {HKLM…CLSID} = RebitShellExt.InfotipExtension

    \InProcServer32\(Default) = C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~3.DLL [Seagate Technology LLC]

    {7A9A2CC0-1C55-41F8-8305-957DE59A6B0B} = CRebitContextMenuExt

    -> {HKLM…CLSID} = ShellExt.ContextMenuExtension

    \InProcServer32\(Default) = C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~3.DLL [Seagate Technology LLC]

    {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

    -> {HKLM…CLSID} = iTunes

    \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

    -> {HKLM…CLSID} = Microsoft Office Metadata Handler

    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

    -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler

    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

    {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension

    -> {HKLM…CLSID} = Workspaces

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search

    -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

    {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}

    -> {HKLM…CLSID} = ImageExtractorShellExt Class

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

    {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}

    -> {HKLM…CLSID} = CInfoTipShellExt Class

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

    -> {HKLM…CLSID} = Groove GFS Browser Helper

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

    -> {HKLM…CLSID} = Groove Folder Synchronization

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

    -> {HKLM…CLSID} = Groove GFS Stub Execution Hook

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

    -> {HKLM…CLSID} = Groove GFS Stub Icon Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

    -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

    -> {HKLM…CLSID} = Groove XML Icon Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler

    -> {HKLM…CLSID} = Microsoft Outlook

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL [MS]

    {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler

    -> {HKLM…CLSID} = Outlook File Icon Extension

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

    {0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler

    -> {HKLM…CLSID} = CLSID_WLMCMimeFilter

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

    {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

    -> {HKLM…CLSID} = Windows Live Photo Gallery Editor Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    {97090E2F-3062-4459-855B-014F0D3CDBB1} = Windows Search Deskbar

    -> {HKCU…CLSID} = Windows Search Deskbar

    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]

    -> {HKLM…CLSID} = Windows Search Deskbar

    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]

    {13E7F612-F261-4391-BEA2-39DF4F3FA311} = Windows Desktop Search

    -> {HKLM…CLSID} = Windows Desktop Search

    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\msnlExt.dll [MS]

    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player

    -> {HKLM…CLSID} = RealOne Player Context Menu Class

    \InProcServer32\(Default) = c:\program files\real\realplayer\rpshell.dll [RealNetworks, Inc.]

    {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS]

    {F764812A-132C-4013-9960-5CBBEB408A0E} = Nero Shell Extension

    -> {HKLM…CLSID} = NeroShellExt Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

    -> {HKLM…CLSID} = Groove GFS Stub Execution Hook

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    <<!>> {56F9679E-7826-4C84-81F3-532071A8BCC5} = (no title provided)

    -> {HKLM…CLSID} = Windows Desktop Search Namespace Manager

    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

    -> {HKLM…CLSID} = WPDShServiceObj Class

    \InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    <<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}

    -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter

    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

    <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}

    -> {HKLM…CLSID} = HxProtocol Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

    <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

    <<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

    -> {HKLM…CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

    -> {HKLM…CLSID} = 7-Zip Shell Extension

    \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

    EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS]

    XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Yahoo! Mail\(Default) = {5464D816-CF16-4784-B9F3-75C0DB52B499}

    -> {HKLM…CLSID} = Yahoo! Mail Shell Extension

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Common\YMMAPI.dll [Yahoo! Inc.]

    {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)

    -> {HKLM…CLSID} = NBShellHook Class

    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

    {F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)

    -> {HKLM…CLSID} = NeroShellExt Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

    HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

    NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}

    -> {HKLM…CLSID} = NBShellHook Class

    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    CRebitContextMenuExt\(Default) = {7A9A2CC0-1C55-41F8-8305-957DE59A6B0B}

    -> {HKLM…CLSID} = ShellExt.ContextMenuExtension

    \InProcServer32\(Default) = C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~3.DLL [Seagate Technology LLC]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    -> {HKLM…CLSID} = MBAMShlExt Class

    \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

    -> {HKLM…CLSID} = 7-Zip Shell Extension

    \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

    EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS]

    XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)

    -> {HKLM…CLSID} = NeroShellExt Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

    -> {HKLM…CLSID} = 7-Zip Shell Extension

    \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}

    -> {HKLM…CLSID} = GraphicsShellExt Class

    \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

    XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler

    -> {HKLM…CLSID} = NeroDigitalColumnHandler Class

    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler

    -> {HKLM…CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

    -> {HKLM…CLSID} = PDF Shell Extension

    \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    -> {HKLM…CLSID} = MBAMShlExt Class

    \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

    -> {HKLM…CLSID} = Groove GFS Context Menu Handler

    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)

    -> {HKLM…CLSID} = NBShellHook Class

    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}

    -> {HKLM…CLSID} = NBShellHook Class

    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

    Default executables:

    --------------------

    <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile

    Group Policies {GPedit.msc branch and setting}:

    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000

    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000

    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    DisableRegistryTools = (REG_DWORD) dword:0x00000000

    {unrecognized setting}

    EnableLinkedConnections = (REG_DWORD) dword:0x00000001

    {unrecognized setting}

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop may be disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

    HKCU\Control Panel\Desktop\

    Wallpaper = C:\Documents and Settings\sharon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    Enabled Screen Saver:

    ---------------------

    HKCU\Control Panel\Desktop\

    SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr [MS]

    Windows Portable Device AutoPlay Handlers

    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    AdobePhotoshopElementsShowPicturesOnArrival\

    Provider = Adobe Photoshop Elements

    InvokeProgID = PhotoshopElements.Application.2

    InvokeVerb = edit

    HKLM\SOFTWARE\Classes\PhotoshopElements.Application.2\shell\edit\DropTarget\CLSID = {06BA3416-AB29-4e01-A2F1-5AB6A17BEBBB}

    -> {HKLM…CLSID} = (no title provided)

    \LocalServer32\(Default) = C:\Program Files\Adobe\Photoshop Elements 2\PhotoshopElements.exe /Automation [Adobe Systems, Incorporated]

    CanonMPNEX10PictureOnArrival\

    Provider = MP Navigator EX Ver1.0

    InvokeProgID = MPNavigatorEX10.AutoplayHandler

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\MPNavigatorEX10.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\MP Navigator EX 1.0\mpnex10.exe /AUTOPLAY %1 [CANON INC.]

    CanonZB4PicturesOnArrival\

    Provider = Canon ZoomBrowser EX

    InvokeProgID = Zb.AutoplayHandler

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data]

    iTunesBurnCDOnArrival\

    Provider = iTunes

    InvokeProgID = iTunes.BurnCD

    InvokeVerb = burn

    HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

    iTunesImportSongsOnArrival\

    Provider = iTunes

    InvokeProgID = iTunes.ImportSongsOnCD

    InvokeVerb = import

    HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

    iTunesPlaySongsOnArrival\

    Provider = iTunes

    InvokeProgID = iTunes.PlaySongsOnCD

    InvokeVerb = play

    HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

    iTunesShowSongsOnArrival\

    Provider = iTunes

    InvokeProgID = iTunes.ShowSongsOnCD

    InvokeVerb = showsongs

    HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

    MediaHub10BluRayOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = OpenWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\OpenWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" %L [null data]

    MediaHub10CDAudioOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = OpenWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\OpenWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" %L [null data]

    MediaHub10DVDMovieOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = OpenWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\OpenWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" %L [null data]

    MediaHub10MediaFilesOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = ImportWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\ImportWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" /Import=%L [null data]

    MediaHub10SVCDMovieOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = OpenWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\OpenWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" %L [null data]

    MediaHub10VCDMovieOnArrival\

    Provider = Nero MediaHub 10

    InvokeProgID = OpenWithNeroMediaHub10

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\OpenWithNeroMediaHub10\shell\open\command\(Default) = "C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" %L [null data]

    MediaHub10WPDOnArrival\

    Provider = Nero MediaHub 10

    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

    InitCmdLine = /WiaCmd;"C:\Program Files\Nero\Nero 10\Nero MediaHub\MediaHub.exe" -Import %1 %2;

    -> {HKLM…CLSID} = WPDShextAutoplay

    \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

    MSLivePhotoAcqHWEventHandler\

    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

    ProgID = Microsoft.LivePhotoAcqHWEventHandler

    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}

    -> {HKLM…CLSID} = (no title provided)

    \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]

    MSLivePhotoAcquireDropHandler\

    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

    InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    MSLiveShowPicturesOnArrival\

    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

    InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

    MSLiveVideoCameraArrivalCaptureWizard\

    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

    ProgID = WLXAutoPlayMgr.WLXHWEventHandler

    InitCmdLine = WLXVideoAcquireWizard

    HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}

    -> {HKLM…CLSID} = WLXWEventHandler Class

    \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]

    MSWPDShellNamespaceHandler\

    Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501

    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

    InitCmdLine =

    -> {HKLM…CLSID} = WPDShextAutoplay

    \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

    NapsterMTPHandler\

    Provider = @C:\Program Files\Napster\napster.exe,-101

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = "C:\Program Files\Napster\napster.exe" /devicesync

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    NapsterPlayCDHandler\

    Provider = @C:\Program Files\Napster\napster.exe,-101

    InvokeProgID = Napster.AutoplayHandler

    InvokeVerb = open

    HKLM\SOFTWARE\Classes\Napster.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Napster\napster.exe" /playcd "%L" [Napster]

    NeroAutoPlay2CDAudio\

    Provider = Nero Express

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = HandleCDBurningOnArrival_CDAudio

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L [Ahead Software AG]

    NeroAutoPlay2CopyCD\

    Provider = Nero Express

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = PlayCDAudioOnArrival_CopyCD

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L [Ahead Software AG]

    NeroAutoPlay2DataDisc\

    Provider = Nero Express

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = HandleCDBurningOnArrival_DataDisc

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L [Ahead Software AG]

    NeroAutoPlay2LaunchNeroStartSmart\

    Provider = Nero StartSmart

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = HandleCDBurningOnArrival_LaunchNeroStartSmart

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L [Ahead Software AG]

    NeroAutoPlay2PlayAudioCD\

    Provider = Nero Media Player

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = PlayMusicFilesOnArrival_PlayAudioCD

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe /Play %L [Ahead software]

    NeroAutoPlay2PlayDVD\

    Provider = Nero ShowTime

    InvokeProgID = Nero.AutoPlay2

    InvokeVerb = PlayVideoFilesOnArrival_PlayDVD

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayVideoFilesOnArrival_PlayDVD\command\(Default) = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe /Play %L [Nero Software AG]

    NeroAutoPlay2VideoCapture\

    Provider = NeroVision Express SE

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = "C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    NeroBurningROM10CopyCD\

    Provider = Nero Burning ROM 10

    InvokeProgID = Nero.BurningROM.10.AutoPlay

    InvokeVerb = CopyCD

    HKLM\SOFTWARE\Classes\Nero.BurningROM.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe -w /Dialog:DiscCopy [Nero AG]

    NeroBurningROM10LaunchNBR\

    Provider = Nero Burning ROM 10

    InvokeProgID = Nero.BurningROM.10.AutoPlay

    InvokeVerb = LanchNE

    HKLM\SOFTWARE\Classes\Nero.BurningROM.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe /Media:AUTO /Drive:%L [Nero AG]

    NeroExpress10CopyCD\

    Provider = Nero Express 10

    InvokeProgID = Nero.Express.10.AutoPlay

    InvokeVerb = CopyCD

    HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files\Nero\Nero 10\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG]

    NeroExpress10LaunchNE\

    Provider = Nero Express 10

    InvokeProgID = Nero.Express.10.AutoPlay

    InvokeVerb = LanchNE

    HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files\Nero\Nero 10\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG]

    NeroVision10VideoCapture\

    Provider = Nero Vision 10

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = "C:\Program Files\Nero\Nero 10\Nero Vision\NeroVision.exe" /New:VideoCapture

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    PDirXDVArrival\

    Provider = PowerDirector Express

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = "C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" /DV

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    Picasa2ImportPicturesOnArrival\

    Provider = Picasa2

    InvokeProgID = picasa2.autoplay

    InvokeVerb = import

    HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files\Picasa2\Picasa2.exe "%1" [Google Inc.]

    PPCDBurningOnArrival\

    Provider = PowerProducer

    InvokeProgID = Picture

    InvokeVerb = OpenWithPowerProducer

    HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink]

    PPDCameraArrival\

    Provider = PowerProducer

    InvokeProgID = Picture

    InvokeVerb = OpenWithPowerProducer

    HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink]

    PPDVArrival\

    Provider = PowerProducer

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = "C:\Program Files\CyberLink\PowerProducer\Producer.exe"

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    RPCDBurningOnArrival\

    Provider = RealPlayer

    InvokeProgID = RealPlayer.CDBurn.6

    InvokeVerb = open

    HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]

    RPDeviceOnArrival\

    Provider = RealPlayer

    ProgID = RealPlayer.HWEventHandler

    HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}

    -> {HKLM…CLSID} = RealNetworks Scheduler

    \LocalServer32\(Default) = "c:\program files\real\realplayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.]

    RPDVDBurningOnArrival\

    Provider = RealPlayer

    InvokeProgID = RealPlayer.DVDBurn.6

    InvokeVerb = open

    HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]

    RPPlayCDAudioOnArrival\

    Provider = RealPlayer

    InvokeProgID = RealPlayer.AudioCD.6

    InvokeVerb = play

    HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.]

    RPPlayDVDMovieOnArrival\

    Provider = RealPlayer

    InvokeProgID = RealPlayer.DVD.6

    InvokeVerb = play

    HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]

    RPPlayMediaOnArrival\

    Provider = RealPlayer

    InvokeProgID = RealPlayer.AutoPlay.6

    InvokeVerb = open

    HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]

    WinampMTPHandler\

    Provider = Winamp

    ProgID = Shell.HWEventHandlerShellExecute

    InitCmdLine = C:\Program Files\Winamp\winamp.exe

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

    -> {HKLM…CLSID} = ShellExecute HW Event Handler

    \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

    Startup items in "sharon" & "All Users" startup folders:

    --------------------------------------------------------

    C:\Documents and Settings\sharon\Start Menu\Programs\Startup

    OneNote 2010 Screen Clipper and Launcher -> shortcut to: C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [MS]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    Event Reminder -> shortcut to: C:\Program Files\The Print Shop 23.1\Remind.exe [broderbund Properties LLC]

    Enabled Scheduled Tasks:

    ------------------------

    Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

    AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

    GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

    GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

    GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core -> launches: C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.]

    GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA -> launches: C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

    Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]

    RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.]

    RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

    000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

    000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

    000000000004\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

    000000000005\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 17

    %SystemRoot%\system32\rsvpsp.dll [MS], 18 - 19

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    -> {HKLM…CLSID} = Yahoo! Toolbar

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [Yahoo! Inc.]

    {2318C2B1-4965-11D4-9B18-009027A5CD4F}

    -> {HKLM…CLSID} = Google Toolbar

    \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    {F2CF5485-4E02-4F68-819C-B92DE9277049}

    -> {HKLM…CLSID} = &Links

    \InProcServer32\(Default) = C:\WINDOWS\system32\ieframe.dll [MS]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = (no title provided)

    -> {HKLM…CLSID} = Yahoo! Toolbar

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [Yahoo! Inc.]

    {DC0F2F93-27FA-4F84-ACAA-9416F90B9511} = (no title provided)

    -> {HKLM…CLSID} = PayPal Plug-In

    \InProcServer32\(Default) = C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [null data]

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)

    -> {HKLM…CLSID} = Google Toolbar

    \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    Explorer Bars

    HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

    {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

    ButtonText = Blog This

    MenuText = &Blog This in Windows Live Writer

    CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

    -> {HKLM…CLSID} = BlogThisToolbarButton Class

    \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS]

    {2670000A-7350-4F3C-8081-5663EE0C6C49}\

    ButtonText = Send to OneNote

    MenuText = Se&nd to OneNote

    CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

    -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\

    ButtonText = Lync add-on

    MenuText = Lync add-on

    CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    -> {HKLM…CLSID} = Lync Browser Helper

    \InProcServer32\(Default) = C:\Program Files\Microsoft Lync\OCHelper.dll [MS]

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\

    ButtonText = Yahoo! Services

    CLSIDExtension = {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

    -> {HKLM…CLSID} = Yahoo! IE Services Button

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! Inc.]

    {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

    ButtonText = OneNote Lin&ked Notes

    MenuText = OneNote Lin&ked Notes

    CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

    -> {HKLM…CLSID} = Linked Notes button

    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\

    MenuText = @xpsp3res.dll,-20001

    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\

    ButtonText = Yahoo! Messenger

    MenuText = Yahoo! Messenger

    Exec = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Inc.]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    ButtonText = Messenger

    MenuText = Windows Messenger

    Exec = C:\Program Files\Messenger\msmsgs.exe [MS]

    Miscellaneous IE Hijack Points

    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

    <<H>> {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} = (no title provided)

    -> {HKLM…CLSID} = YTNavAssistPlugin Class

    \InProcServer32\(Default) = C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [Yahoo! Inc.]

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    @C:\Program Files\Nero\Update\NASvc.exe,-200, NAUpdate, "C:\Program Files\Nero\Update\NASvc.exe" [Nero AG]

    Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

    BBUpdate, BBUpdate, "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [MS]

    Bluetooth Support Service, BthServ, C:\WINDOWS\system32\svchost.exe -k bthsvcs {C:\WINDOWS\System32\bthserv.dll [MS]}

    Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

    Canon Camera Access Library 8, CCALib8, C:\Program Files\Canon\CAL\CALMAIN.exe [Canon Inc.]

    Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [empty string]

    Intuit Update Service, IntuitUpdateService, "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [null data]

    Intuit Update Service v4, IntuitUpdateServiceV4, "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [null data]

    Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]

    MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]

    MBAMService, MBAMService, "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]

    McciCMService, McciCMService, "C:\Program Files\Common Files\Motive\McciCMService.exe" [Alcatel-Lucent]

    Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]

    PC Tools Firewall Plus, PCToolsFirewallPlus, C:\Program Files\PC Tools Firewall Plus\FWService.exe [PC Tools]

    Seagate Replica Service, Seagate-Replica-Svc, C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule [seagate Technology LLC]

    Seagate Replica System Monitor, ReplicaSysMon, C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe [seagate Technology LLC]

    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup {C:\WINDOWS\System32\WUDFSvc.dll [MS]}

    Windows Search, WSearch, C:\WINDOWS\system32\SearchIndexer.exe /Embedding [MS]

    Yahoo! Updater, YahooAUService, "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [Yahoo! Inc.]

    Safe Mode Drivers & Services (subkey name, subkey default value):

    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> MsMpSvc, Service

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> MsMpSvc, Service

    Print Monitors:

    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

    Canon BJ Language Monitor i850\Driver = CNMLM4B.DLL [CANON INC.]

    CutePDF Writer Monitor\Driver = cpwmon2k.dll [null data]

    ---------- (launch time: 2012-12-16 09:32:14)

    <<!>>: Suspicious data at a malware launch point.

    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points, use the -supp parameter or answer "No" at the

    first message box and "Yes" at the second message box.

    ---------- (total run time: 137 seconds, including 45 seconds for message boxes)

  4. ComboFix 12-12-07.01 - sharon 12/09/2012 19:55:20.4.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1270 [GMT -8:00]

    Running from: c:\documents and settings\sharon\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\sharon\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    .

    FILE ::

    "c:\windows\system32\drivers\tguv.sys"

    "c:\windows\system32\drivers\uijs.sys"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\_ctypes.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\_elementtree.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\_hashlib.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\_socket.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\_ssl.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\pyexpat.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\pysqlite2._sqlite.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\python26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\pythoncom26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\PyWinTypes26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\select.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\unicodedata.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32api.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32com.shell.shell.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32crypt.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32event.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32file.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32inet.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32pdh.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32process.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32profile.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32security.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\win32ts.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\windows._cacheinvalidation.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._controls_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._core_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._gdi_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._html2.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._misc_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._windows_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wx._wizard.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxbase293u_net_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxbase293u_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxmsw293u_adv_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxmsw293u_core_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxmsw293u_html_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI1642\wxmsw293u_webview_vc.dll

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\_ctypes.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\_elementtree.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\_hashlib.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\_socket.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\_ssl.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\pyexpat.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\pysqlite2._sqlite.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\python26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\pythoncom26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\PyWinTypes26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\select.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\unicodedata.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32api.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32com.shell.shell.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32crypt.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32event.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32file.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32inet.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32pdh.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32process.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32profile.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32security.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\win32ts.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\windows._cacheinvalidation.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._controls_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._core_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._gdi_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._html2.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._misc_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._windows_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wx._wizard.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxbase293u_net_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxbase293u_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxmsw293u_adv_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxmsw293u_core_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxmsw293u_html_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI1642\wxmsw293u_webview_vc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_PDRPRSP

    -------\Service_jrvtbk

    -------\Service_Pdrprsp

    -------\Service_pkixkats

    -------\Service_Wptaontfhm

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-10 04:55 . 2012-12-10 04:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2012-12-09 19:53 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8EBC9E5-8F3F-4000-B482-6A144F63D30A}\mpengine.dll

    2012-12-08 05:56 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-11-25 03:46 . 2012-11-25 17:24 -------- d-----w- c:\program files\Web Publish

    2012-11-25 03:46 . 2008-05-15 22:19 3715072 ----a-w- c:\windows\system32\cdintf300.dll

    2012-11-25 03:43 . 2012-11-25 03:47 -------- d-----w- c:\program files\The Print Shop 23.1

    2012-11-19 21:51 . 2012-11-19 21:51 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Programs

    2012-11-19 04:53 . 2012-11-19 04:53 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Nero

    2012-11-19 04:52 . 2012-11-19 04:52 -------- d-----w- c:\documents and settings\sharon\Application Data\Nero

    2012-11-19 04:40 . 2012-11-19 04:59 -------- d-----w- c:\program files\Nero

    2012-11-19 04:39 . 2012-11-19 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    2012-11-19 04:23 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2012-11-19 04:23 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2012-11-19 04:22 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2012-11-19 04:22 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2012-11-16 21:38 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-16 21:38 . 2012-11-16 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\sharon\Application Data\Malwarebytes

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-11-15 16:51 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-11-15 16:51 . 2012-11-15 16:51 -------- d-----w- C:\0d061fbcac79d09e9bb124cf52ce

    2012-11-15 16:45 . 2012-11-15 16:46 -------- d-----w- c:\program files\Microsoft Security Client

    2012-11-15 16:41 . 2012-11-15 16:41 -------- d-----w- c:\documents and settings\sharon\Application Data\PCToolsFirewallPlus

    2012-11-15 16:39 . 2011-03-02 20:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

    2012-11-15 16:39 . 2010-03-29 19:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

    2012-11-15 16:39 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

    2012-11-15 16:37 . 2012-11-15 16:39 -------- d-----w- c:\program files\Common Files\PC Tools

    2012-11-15 16:37 . 2011-01-12 18:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

    2012-11-15 16:37 . 2010-07-08 16:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

    2012-11-15 16:37 . 2010-02-05 16:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

    2012-11-15 16:37 . 2011-01-17 16:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys

    2012-11-15 16:37 . 2012-11-15 16:41 -------- d-----w- c:\program files\PC Tools Firewall Plus

    2012-11-15 06:44 . 2012-11-15 06:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-06 16:55 . 2012-05-05 16:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-06 16:55 . 2011-05-21 01:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-15 06:44 . 2008-10-25 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-11-15 06:44 . 2012-07-24 03:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-11-15 06:44 . 2010-08-13 02:52 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-10-10 07:22 . 2012-10-10 06:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

    2012-09-21 14:50 . 2012-09-14 16:47 105088 ----a-w- c:\windows\system32\drivers\av5flt.sys

    2012-11-06 19:52 . 2012-11-06 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-09 16070136]

    "12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-12-06 1248360]

    "MusicManager"="c:\documents and settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

    "GoogleChromeAutoLaunch_65B68F2A14D8870A2AE39DA3D9784B74"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-12-06 1248360]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-01 296096]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-03 1406248]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    .

    c:\documents and settings\sharon\Start Menu\Programs\Startup\

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Event Reminder.lnk - c:\program files\The Print Shop 23.1\Remind.exe [2010-6-21 344064]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

    backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^sharon^Start Menu^Programs^Startup^Seagate NA0JGNRB Product Registration.lnk]

    path=c:\documents and settings\sharon\Start Menu\Programs\Startup\Seagate NA0JGNRB Product Registration.lnk

    backup=c:\windows\pss\Seagate NA0JGNRB Product Registration.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-09-24 04:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

    2012-09-29 04:44 12105344 ----a-w- c:\program files\Microsoft Lync\communicator.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

    2006-11-23 05:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

    2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]

    2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=

    "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [5/8/2006 9:46 AM 4064]

    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/15/2012 8:39 AM 251560]

    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 1:38 PM 399432]

    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]

    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/15/2012 8:39 AM 160576]

    R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [3/31/2011 11:46 AM 416208]

    R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [3/31/2011 11:46 AM 1947600]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 1:38 PM 22856]

    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [11/15/2012 8:37 AM 89472]

    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/15/2012 8:37 AM 125248]

    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 1:38 PM 676936]

    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424]

    S3 Ftdippk2sacs;Ftdippk2sacs; [x]

    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 16:55]

    .

    2012-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

    .

    2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25]

    .

    2012-12-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    2012-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

    DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?

    FF - ProfilePath - c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc8

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

    FF - ExtSQL: 2012-11-01 09:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    FF - ExtSQL: 2012-11-02 07:35; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

    FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

    FF - ExtSQL: !HIDDEN! 2009-09-02 06:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-12-09 20:55

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc]

    "ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(4932)

    c:\windows\system32\WININET.dll

    c:\program files\Google\Drive\googledrivesync32.dll

    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

    c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

    c:\program files\iTunes\iTunesMiniPlayer.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Motive\McciCMService.exe

    c:\program files\PC Tools Firewall Plus\FWService.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\SearchIndexer.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\msdtc.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe

    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    .

    **************************************************************************

    .

    Completion time: 2012-12-09 21:05:35 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-12-10 05:05

    ComboFix2.txt 2012-12-09 19:47

    .

    Pre-Run: 429,844,328,448 bytes free

    Post-Run: 429,747,040,256 bytes free

    .

    - - End Of File - - 33CA976F7B1E8B7446E232D5CDA6651F
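Reading a ComboFix log of this length by eye is slow, so here is an added triage helper. It is example code written for this page, not code from the original post, from ComboFix or from its author. It walks log text, remembers which registry key the current block belongs to, and reports the items a responder looks at first: Run-key autoruns whose binary lives in a user-writable profile directory, services registered without an image file (the `[x]` marker), the Windows Firewall standard-profile flag, and the service registrations ComboFix itself removed. The sample input is a constructed excerpt of lines copied from the log above; the path list, the category names and the severity wording are this example's own assumptions.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # short category, e.g. "orphaned-service"
    subject: str   # autorun value name, service name or registry key
    detail: str    # path or value that triggered the finding


# Windows XP locations a standard user can write to without elevation (assumed
# list). Chrome and Google Music Manager install there legitimately, so a hit
# is a prompt to verify the binary, not a verdict.
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)

# "Name"="c:\path\file.exe" [date size]          (Run-key value lines)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 Name;Display;c:\path\file.sys [date size]  or  S3 Name;Display; [x]
SERVICE_LINE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# -------\Service_name / -------\Legacy_NAME     (ComboFix "Drivers/Services" deletions)
DELETED_SERVICE = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>\S+)$")
FIREWALL_VALUE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
REG_KEY_HEADER = re.compile(r"^\[(?P<key>[^\]]+)\]$")


def is_user_writable(path: str) -> bool:
    """True when the image path sits in a profile or shared data directory."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix log text and return findings in the order they appear."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = REG_KEY_HEADER.match(line)
        if header:                       # "[HKEY_...\Run]" opens a new block
            current_key = header.group("key").lower()
            continue
        deleted = DELETED_SERVICE.match(line)
        if deleted:
            findings.append(Finding("removed-service", deleted.group("name"),
                                    "registration deleted by ComboFix; confirm it was not a legitimate driver"))
            continue
        fw = FIREWALL_VALUE.match(line)
        if fw and current_key.endswith("firewallpolicy\\standardprofile"):
            if fw.group("value") == "0":
                findings.append(Finding("firewall-disabled", current_key,
                                        "Windows Firewall standard profile is off (EnableFirewall=0)"))
            continue
        run = RUN_VALUE.match(line)
        if run and current_key.endswith("\\run"):
            if is_user_writable(run.group("path")):
                findings.append(Finding("user-writable-autorun", run.group("name"), run.group("path")))
            continue
        svc = SERVICE_LINE.match(line)
        if svc and svc.group("rest").strip() == "[x]":   # registered, but image file missing
            findings.append(Finding("orphaned-service", svc.group("name").strip(),
                                    "service registered but its image file is missing"))
    return findings


# Constructed excerpt: lines copied from the ComboFix log above, nothing else.
SAMPLE_LOG = r"""
-------\Legacy_PDRPRSP
-------\Service_jrvtbk
-------\Service_Pdrprsp
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"MusicManager"="c:\documents and settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]
"GoogleChromeAutoLaunch_65B68F2A14D8870A2AE39DA3D9784B74"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-12-06 1248360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 1:38 PM 399432]
S3 Ftdippk2sacs;Ftdippk2sacs; [x]
S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.subject:60} {f.detail}")
```

Run against the excerpt it reports the three service registrations ComboFix deleted, the two per-user autoruns (both expected here, since Chrome's per-user install and Google Music Manager live under Local Settings\Application Data), the disabled firewall profile and the orphaned Ftdippk2sacs service. The key-tracking matters: the same `"Name"="path" [meta]` shape appears under `startupreg`, `URLSearchHooks` and `ShellExecuteHooks` blocks, and only the `\Run` blocks are treated as autoruns so that a disabled msconfig entry is not reported as live.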

  5. ComboFix 12-12-07.01 - sharon 12/09/2012 10:58:00.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1049 [GMT -8:00]

    Running from: c:\documents and settings\sharon\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\_ctypes.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\_elementtree.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\_hashlib.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\_socket.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\_ssl.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\pyexpat.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\pysqlite2._sqlite.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\python26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\pythoncom26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\PyWinTypes26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\select.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\unicodedata.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32api.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32com.shell.shell.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32crypt.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32event.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32file.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32inet.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32pdh.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32process.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32profile.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32security.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\win32ts.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\windows._cacheinvalidation.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._controls_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._core_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._gdi_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._html2.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._misc_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._windows_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wx._wizard.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxbase293u_net_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxbase293u_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxmsw293u_adv_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxmsw293u_core_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxmsw293u_html_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI29043\wxmsw293u_webview_vc.dll

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\_ctypes.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\_elementtree.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\_hashlib.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\_socket.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\_ssl.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\pyexpat.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\pysqlite2._sqlite.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\python26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\pythoncom26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\PyWinTypes26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\select.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\unicodedata.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32api.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32com.shell.shell.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32crypt.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32event.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32file.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32inet.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32pdh.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32process.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32profile.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32security.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\win32ts.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\windows._cacheinvalidation.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._controls_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._core_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._gdi_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._html2.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._misc_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._windows_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wx._wizard.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxbase293u_net_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxbase293u_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxmsw293u_adv_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxmsw293u_core_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxmsw293u_html_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI29043\wxmsw293u_webview_vc.dll

    c:\windows\wininit.ini

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-09 19:34 . 2012-12-09 19:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2012-11-25 03:46 . 2012-11-25 17:24 -------- d-----w- c:\program files\Web Publish

    2012-11-25 03:46 . 2008-05-15 22:19 3715072 ----a-w- c:\windows\system32\cdintf300.dll

    2012-11-25 03:43 . 2012-11-25 03:47 -------- d-----w- c:\program files\The Print Shop 23.1

    2012-11-19 21:51 . 2012-11-19 21:51 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Programs

    2012-11-19 04:53 . 2012-11-19 04:53 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Nero

    2012-11-19 04:52 . 2012-11-19 04:52 -------- d-----w- c:\documents and settings\sharon\Application Data\Nero

    2012-11-19 04:40 . 2012-11-19 04:59 -------- d-----w- c:\program files\Nero

    2012-11-19 04:39 . 2012-11-19 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    2012-11-19 04:23 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2012-11-19 04:23 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2012-11-19 04:22 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2012-11-19 04:22 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2012-11-16 21:38 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-16 21:38 . 2012-11-16 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\sharon\Application Data\Malwarebytes

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-11-15 16:51 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-11-15 16:51 . 2012-11-15 16:51 -------- d-----w- C:\0d061fbcac79d09e9bb124cf52ce

    2012-11-15 16:45 . 2012-11-15 16:46 -------- d-----w- c:\program files\Microsoft Security Client

    2012-11-15 16:41 . 2012-11-15 16:41 -------- d-----w- c:\documents and settings\sharon\Application Data\PCToolsFirewallPlus

    2012-11-15 16:39 . 2011-03-02 20:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

    2012-11-15 16:39 . 2010-03-29 19:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

    2012-11-15 16:39 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

    2012-11-15 16:37 . 2012-11-15 16:39 -------- d-----w- c:\program files\Common Files\PC Tools

    2012-11-15 16:37 . 2011-01-12 18:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

    2012-11-15 16:37 . 2010-07-08 16:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

    2012-11-15 16:37 . 2010-02-05 16:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

    2012-11-15 16:37 . 2011-01-17 16:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys

    2012-11-15 16:37 . 2012-11-15 16:41 -------- d-----w- c:\program files\PC Tools Firewall Plus

    2012-11-15 06:44 . 2012-11-15 06:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-06 16:55 . 2012-05-05 16:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-06 16:55 . 2011-05-21 01:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-15 06:44 . 2008-10-25 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-11-15 06:44 . 2012-07-24 03:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-11-15 06:44 . 2010-08-13 02:52 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-11-08 18:00 . 2012-12-09 15:53 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{208A3C36-CB8C-4412-8065-678015DCBAD7}\mpengine.dll

    2012-11-08 18:00 . 2012-12-08 05:56 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-10-10 07:22 . 2012-10-10 06:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

    2012-09-21 14:50 . 2012-09-14 16:47 105088 ----a-w- c:\windows\system32\drivers\av5flt.sys

    2012-11-06 19:52 . 2012-11-06 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-09 16070136]

    "12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-12-06 1248360]

    "MusicManager"="c:\documents and settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

    "GoogleChromeAutoLaunch_65B68F2A14D8870A2AE39DA3D9784B74"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-12-06 1248360]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-01 296096]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-03 1406248]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    .

    c:\documents and settings\sharon\Start Menu\Programs\Startup\

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Event Reminder.lnk - c:\program files\The Print Shop 23.1\Remind.exe [2010-6-21 344064]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

    backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^sharon^Start Menu^Programs^Startup^Seagate NA0JGNRB Product Registration.lnk]

    path=c:\documents and settings\sharon\Start Menu\Programs\Startup\Seagate NA0JGNRB Product Registration.lnk

    backup=c:\windows\pss\Seagate NA0JGNRB Product Registration.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-09-24 04:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

    2012-09-29 04:44 12105344 ----a-w- c:\program files\Microsoft Lync\communicator.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

    2006-11-23 05:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

    2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]

    2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=

    "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [5/8/2006 9:46 AM 4064]

    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/15/2012 8:39 AM 251560]

    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 1:38 PM 399432]

    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]

    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/15/2012 8:39 AM 160576]

    R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [3/31/2011 11:46 AM 416208]

    R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [3/31/2011 11:46 AM 1947600]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 1:38 PM 22856]

    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [11/15/2012 8:37 AM 89472]

    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/15/2012 8:37 AM 125248]

    S0 jrvtbk;jrvtbk;c:\windows\system32\drivers\tguv.sys --> c:\windows\system32\drivers\tguv.sys [?]

    S0 pkixkats;pkixkats;c:\windows\system32\drivers\uijs.sys --> c:\windows\system32\drivers\uijs.sys [?]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 1:38 PM 676936]

    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424]

    S3 Ftdippk2sacs;Ftdippk2sacs; [x]

    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    S3 Pdrprsp;Pdrprsp; [x]

    S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674]

    S3 Wptaontfhm;Wptaontfhm; [x]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 16:55]

    .

    2012-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

    .

    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-12-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25]

    .

    2012-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    2012-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

    DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?

    FF - ProfilePath - c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc8

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

    FF - ExtSQL: 2012-11-01 09:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    FF - ExtSQL: 2012-11-02 07:35; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

    FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

    FF - ExtSQL: !HIDDEN! 2009-09-02 06:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-12-09 11:36

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc]

    "ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(5428)

    c:\windows\system32\WININET.dll

    c:\program files\Google\Drive\googledrivesync32.dll

    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

    c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

    c:\program files\iTunes\iTunesMiniPlayer.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Motive\McciCMService.exe

    c:\program files\PC Tools Firewall Plus\FWService.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\SearchIndexer.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\system32\wscntfy.exe

    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\msdtc.exe

    .

    **************************************************************************

    .

    Completion time: 2012-12-09 11:47:13 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-12-09 19:47

    .

    Pre-Run: 429,299,785,728 bytes free

    Post-Run: 430,907,092,992 bytes free

    .

    - - End Of File - - ADB36B745B17B497811E774E44D9C56B

  6. 2 days after I thought the issue was fixed, my computer took the usual 7-9 minutes to boot with the same error code 2 from before, "shell notify icon failed to perform desired action". It doesn't always show up, but it does most of the time. I PM'd a mod to reopen the old topic but haven't heard back in over a week. It seems like it occurred after a Malwarebytes update. I don't think I have a virus this time, so I'm not sure I'm posting this in the right place. Here's the old topic:

    http://forums.malwarebytes.org/index.php?showtopic=118035&hl=laralara&st=0

  7. I installed Adobe Reader XI and then ran Security Check again, but I still get the same result.

    Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Yahoo! Anti-Spy

    Malwarebytes Anti-Malware version 1.65.1.1000

    JavaFX 2.1.1

    Java 7 Update 9

    Java SE Development Kit 7 Update 9

    Adobe Flash Player 11.4.402.287

    Adobe Reader 9 Adobe Reader out of Date!

    Mozilla Firefox (16.0.2)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    PC Tools Firewall Plus FirewallGUI.exe

    PC Tools Firewall Plus FWService.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 1%

    ````````````````````End of Log``````````````````````

  8. Results of screen317's Security Check version 0.99.54

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Yahoo! Anti-Spy

    Malwarebytes Anti-Malware version 1.65.1.1000

    JavaFX 2.1.1

    Java 7 Update 9

    Java SE Development Kit 7 Update 9

    Adobe Flash Player 11.4.402.287

    Adobe Reader 9 Adobe Reader out of Date!

    Mozilla Firefox (16.0.2)

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    PC Tools Firewall Plus FirewallGUI.exe

    PC Tools Firewall Plus FWService.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 1%

    ````````````````````End of Log``````````````````````

  9. ComboFix 12-11-20.02 - sharon 11/20/2012 8:51.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1049 [GMT -8:00]

    Running from: c:\documents and settings\sharon\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_ctypes.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_elementtree.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_hashlib.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_socket.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\_ssl.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pyexpat.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pysqlite2._sqlite.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\python26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\pythoncom26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\PyWinTypes26.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\select.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\unicodedata.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32api.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32com.shell.shell.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32crypt.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32event.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32file.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32inet.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32pdh.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32process.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32profile.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32security.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\win32ts.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\windows._cacheinvalidation.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._controls_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._core_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._gdi_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._html2.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._misc_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._windows_.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wx._wizard.pyd

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxbase293u_net_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxbase293u_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_adv_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_core_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_html_vc.dll

    c:\docume~1\sharon\LOCALS~1\Temp\_MEI40282\wxmsw293u_webview_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_ctypes.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_elementtree.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_hashlib.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_socket.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\_ssl.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pyexpat.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pysqlite2._sqlite.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\python26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\pythoncom26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\PyWinTypes26.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\select.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\unicodedata.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32api.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32com.shell.shell.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32crypt.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32event.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32file.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32inet.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32pdh.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32process.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32profile.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32security.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\win32ts.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\windows._cacheinvalidation.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._controls_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._core_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._gdi_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._html2.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._misc_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._windows_.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wx._wizard.pyd

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxbase293u_net_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxbase293u_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_adv_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_core_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_html_vc.dll

    c:\documents and settings\sharon\Local Settings\temp\_MEI40282\wxmsw293u_webview_vc.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-19 21:51 . 2012-11-19 21:51 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Programs

    2012-11-19 04:53 . 2012-11-19 04:53 -------- d-----w- c:\documents and settings\sharon\Local Settings\Application Data\Nero

    2012-11-19 04:52 . 2012-11-19 04:52 -------- d-----w- c:\documents and settings\sharon\Application Data\Nero

    2012-11-19 04:40 . 2012-11-19 04:59 -------- d-----w- c:\program files\Nero

    2012-11-19 04:39 . 2012-11-19 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    2012-11-19 04:23 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2012-11-19 04:23 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2012-11-19 04:22 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2012-11-19 04:22 . 2007-07-20 02:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2012-11-16 21:38 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-16 21:38 . 2012-11-16 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-11-16 15:38 . 2012-11-16 15:38 -------- d-----w- C:\_OTL

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\sharon\Application Data\Malwarebytes

    2012-11-15 23:32 . 2012-11-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-11-15 16:51 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-11-15 16:51 . 2012-11-15 16:51 -------- d-----w- C:\0d061fbcac79d09e9bb124cf52ce

    2012-11-15 16:45 . 2012-11-15 16:46 -------- d-----w- c:\program files\Microsoft Security Client

    2012-11-15 16:41 . 2012-11-15 16:41 -------- d-----w- c:\documents and settings\sharon\Application Data\PCToolsFirewallPlus

    2012-11-15 16:39 . 2011-03-02 20:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

    2012-11-15 16:39 . 2010-03-29 19:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

    2012-11-15 16:39 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

    2012-11-15 16:37 . 2012-11-20 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2012-11-15 16:37 . 2012-11-15 16:39 -------- d-----w- c:\program files\Common Files\PC Tools

    2012-11-15 16:37 . 2011-01-12 18:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

    2012-11-15 16:37 . 2010-07-08 16:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

    2012-11-15 16:37 . 2010-02-05 16:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

    2012-11-15 16:37 . 2011-01-17 16:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys

    2012-11-15 16:37 . 2012-11-15 16:41 -------- d-----w- c:\program files\PC Tools Firewall Plus

    2012-11-15 06:44 . 2012-11-15 06:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-11-02 14:35 . 2012-11-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

    2012-11-02 14:34 . 2012-11-02 14:35 -------- d-----w- c:\program files\Freemake

    2012-11-01 16:19 . 2012-04-09 07:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-11-01 16:13 . 2012-11-01 16:13 -------- d-----w- c:\program files\Common Files\xing shared

    2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\documents and settings\sharon\Application Data\Digiarty

    2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\program files\Digiarty

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-15 06:44 . 2008-10-25 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-11-15 06:44 . 2012-07-24 03:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-11-15 06:44 . 2010-08-13 02:52 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-11-08 18:00 . 2012-11-20 06:53 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F046AAC1-CB4C-43E4-A4B7-93B886C7E4AD}\mpengine.dll

    2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-10-17 09:32 . 2012-11-19 04:38 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-10-10 07:22 . 2012-05-05 16:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-10 07:22 . 2011-05-21 01:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-10 07:22 . 2012-10-10 06:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

    2012-09-21 14:50 . 2012-09-14 16:47 105088 ----a-w- c:\windows\system32\drivers\av5flt.sys

    2012-08-31 06:03 . 2012-08-31 06:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

    2012-11-06 19:52 . 2012-11-06 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]

    "12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-11-14 1248360]

    "MusicManager"="c:\documents and settings\sharon\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-01 296096]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-03 1406248]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    .

    c:\documents and settings\sharon\Start Menu\Programs\Startup\

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

    backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^sharon^Start Menu^Programs^Startup^Seagate NA0JGNRB Product Registration.lnk]

    path=c:\documents and settings\sharon\Start Menu\Programs\Startup\Seagate NA0JGNRB Product Registration.lnk

    backup=c:\windows\pss\Seagate NA0JGNRB Product Registration.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

    2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

    2012-09-29 04:44 12105344 ----a-w- c:\program files\Microsoft Lync\communicator.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

    2006-11-23 05:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

    2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]

    2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=

    "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [5/8/2006 9:46 AM 4064]

    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/15/2012 8:39 AM 251560]

    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 1:38 PM 399432]

    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]

    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/15/2012 8:39 AM 160576]

    R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [3/31/2011 11:46 AM 416208]

    R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [3/31/2011 11:46 AM 1947600]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 1:38 PM 22856]

    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [11/15/2012 8:37 AM 89472]

    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/15/2012 8:37 AM 125248]

    S0 jrvtbk;jrvtbk;c:\windows\system32\drivers\tguv.sys --> c:\windows\system32\drivers\tguv.sys [?]

    S0 pkixkats;pkixkats;c:\windows\system32\drivers\uijs.sys --> c:\windows\system32\drivers\uijs.sys [?]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 1:38 PM 676936]

    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424]

    S3 Ftdippk2sacs;Ftdippk2sacs; [x]

    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [11/15/2012 8:37 AM 57536]

    S3 Pdrprsp;Pdrprsp; [x]

    S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674]

    S3 Wptaontfhm;Wptaontfhm; [x]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 07:22]

    .

    2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

    .

    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

    .

    2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job

    - c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

    .

    2012-11-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25]

    .

    2012-11-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 192.168.1.254

    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

    DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?

    FF - ProfilePath - c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc8

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

    FF - ExtSQL: 2012-11-01 09:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    FF - ExtSQL: 2012-11-02 07:35; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

    FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

    FF - ExtSQL: !HIDDEN! 2009-09-02 06:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-11-20 09:30

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc]

    "ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3696)

    c:\windows\system32\WININET.dll

    c:\program files\Google\Drive\googledrivesync32.dll

    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

    c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

    c:\program files\iTunes\iTunesMiniPlayer.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Motive\McciCMService.exe

    c:\program files\PC Tools Firewall Plus\FWService.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\SearchIndexer.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

    c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe

    c:\windows\system32\dllhost.exe

    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\msdtc.exe

    .

    **************************************************************************

    .

    Completion time: 2012-11-20 09:42:27 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-11-20 17:42

    .

    Pre-Run: 433,571,880,960 bytes free

    Post-Run: 434,471,247,872 bytes free

    .

    - - End Of File - - EC42DFE41B905D008659F9C3164152DD

