TD5

Honorary Members
  • Posts

    34
Everything posted by TD5

  1. I have found the culprit. I removed SPYBOT. No troubleshooting involved. Read some bad things about Spybot so I removed it. Since then no problem.
  2. I've deleted the registry entries as suggested. Let's see what happens. Thank you. Could I ask you, briefly, what is the compatibility mode, and how would it be switched on for these apps?
  3. Firefox, as requested. Thanks for the help. Things I have done. I have run Malwarebytes, Malwarebytes rootkit, disabled HOSTS, and spybot. I am not running out of page file. Once restarted all apps run fine. FRST.txt Addition.txt CheckResults.txt
  4. Recently, about 2 months ago, I first experienced Microsoft Outlook starting and then abruptly closing saying it encountered a problem. Upon restarting, it ran fine with no further incident. Then it started happening to Microsoft Work, Irfanview, Quicken and others. Malwarebytes has picked up nothing. I also run SuperAntispyware frequently and it has detected nothing. I've Googled the problem but have not come up with a match to my problem. It appears there are a host of "Outlook has to shut down... " problems specific to Outlook but not anything like what I am experiencing in that most all my applications are affected. I am running Windows XP SP3 which I've kept updated. I do not use any anti-virus, but do have Windows Firewall running. Otherwise my system appears to be running fine. Any thoughts that this may be caused by malware, or how to identify what is going on would be appreciated. TIA
  5. So, WinPatrol was complaining about the same thing but couldn't fix it. And the repeated attempts were what I was seeing. By clearing out the HOSTS file the problem was resolved. Thanks for the help, just used Paypal to send you a few bucks. TD5
  6. Kahdah: Please help me understand. What did you do to stop whoever or whatever was trying to change the HOSTS file? Or was there a bad HOSTS file entry that somehow got in there (I may not have had WinPatrol installed or turned on) and was causing the problem when a regularly scheduled routine was running and accessed HOSTS? When you had me delete the HOSTS file the problem then was eliminated? TD5
  7. Kahdah: Did as requested. It looks like WinPatrol warnings about HOSTS file entries have stopped. After about 10 minutes, I used HostsMan update to populate the HOSTS file. I then got a single WinPatrol warning which I accepted. So far no further warnings. Could you tell me what was causing the repeated WinPatrol warnings about an attempted HOSTS file entry? What did you see? TD 5 It looks like the frequently appearing warnings from WinPatrol have stopped.
  8. Kahdah: I turned on WinPatrol and within minutes I received the warning that an attempt to add to the HOSTS file is being made. So I allowed it, then checked HOSTS, and there was no new entry, just the two that remained after resetting HOSTS. TD5
  9. I exited Winpatrol and ran both again. I then checked HOSTS and it was empty except for two entries. Then did the second OTL request.
Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/04/26 09:39:58 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:44 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:46 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ] O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found O34 - 
HKLM BootExecute: (autocheck pdboot.exe) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/15 22:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Wayside [2010/10/14 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2010/10/12 18:54:33 | 000,000,000 | ---D | C] -- C:\_OTL [2010/10/03 06:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Gmer [2010/10/03 06:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Malware Assist [2010/10/03 05:23:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe [2010/10/02 22:44:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010/10/02 05:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups [2010/09/26 07:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\LaQuinta [2010/09/19 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adds Its classified [2006/12/07 11:37:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010/10/16 14:15:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/10/16 14:02:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/16 14:02:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/10/16 14:02:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/10/16 14:01:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/10/16 14:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat 
[2010/10/16 14:01:55 | 2145,894,400 | -HS- | M] () -- C:\hiberfil.sys [2010/10/16 09:55:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\T Duprex\ntuser.dat [2010/10/16 09:55:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\T Duprex\ntuser.ini [2010/10/15 22:23:34 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw [2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw [2010/10/15 07:50:54 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 04-22-10.apw [2010/10/14 05:01:18 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/14 04:55:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/10/14 03:08:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/13 22:37:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/10/13 11:32:04 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst [2010/10/13 10:16:32 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini [2010/10/13 06:52:42 | 000,007,804 | ---- | M] () -- C:\WINDOWS\extend.dat [2010/10/13 06:51:50 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk [2010/10/03 05:23:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe [2010/10/02 22:43:45 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe [2010/10/02 12:06:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/02 05:43:12 | 004,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak [2010/10/01 10:20:10 | 000,019,252 | ---- | M] () -- C:\WINDOWS\OutlPrnt 
[2010/09/24 03:55:06 | 000,023,474 | ---- | M] () -- C:\WINDOWS\fixed pst.FAV [2010/09/24 03:18:09 | 000,032,768 | ---- | M] () -- C:\WINDOWS\mailbox.PAB [2010/09/24 03:12:48 | 000,005,850 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3 [2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3 [2010/09/19 20:32:29 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls [2010/09/19 19:37:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2010/09/19 01:27:08 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll ========== Files Created - No Company Name ========== [2010/10/15 07:52:11 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw [2010/10/15 07:51:37 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw [2010/10/14 17:29:57 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google 
Software Updater.job [2010/10/13 06:51:50 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk [2010/10/02 22:43:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe [2010/10/02 12:06:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/29 18:18:10 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\T Duprex\ntuser.dat [2010/09/24 03:55:06 | 000,023,474 | ---- | C] () -- C:\WINDOWS\fixed pst.FAV [2010/09/19 21:05:54 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3 [2010/09/19 20:47:23 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3 [2010/09/19 20:44:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls [2010/09/17 01:16:42 | 1150,237,070 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Latest Sam Lesson.wav [2010/04/15 19:55:27 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ir41_32O.dll [2009/10/18 12:52:46 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009/09/21 08:02:53 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll [2009/08/15 14:07:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/31 20:47:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/07/15 21:43:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u [2009/07/15 21:40:51 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/07/15 21:40:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/01/11 10:07:54 | 000,000,253 | ---- | C] () -- C:\WINDOWS\NGMAD70.INI [2008/09/16 08:36:56 | 
000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008/09/16 08:32:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2008/09/16 08:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini [2008/09/16 08:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini [2008/09/16 08:32:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2008/09/16 08:31:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini [2008/08/18 06:40:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI [2008/08/05 17:00:17 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007/10/04 05:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/09/26 05:55:02 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/09/26 05:55:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini [2007/08/06 19:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI [2007/08/06 19:24:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll [2007/08/06 19:24:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll [2007/08/06 19:24:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll [2007/03/20 22:17:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007/02/10 17:13:19 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2007/02/10 17:13:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2007/02/10 17:13:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2007/02/10 17:13:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007/02/10 17:13:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2007/02/10 17:13:12 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2007/02/10 17:13:11 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI [2007/02/10 17:12:57 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007/02/10 17:12:47 | 000,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\PtrcENG.dll [2007/01/05 17:45:28 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.ini [2007/01/01 03:38:51 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp [2007/01/01 01:42:24 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI [2007/01/01 01:42:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax [2007/01/01 01:42:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax [2006/12/27 02:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/12/25 00:34:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dedea9_g.dll [2006/12/24 18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI [2006/12/23 01:09:05 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/12/22 14:38:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2006/12/22 14:38:35 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2006/12/07 11:43:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll [2006/12/07 11:41:03 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\fusioncache.dat [2006/12/07 11:40:57 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini [2006/12/07 11:40:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys [2006/12/07 11:40:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys [2006/12/07 11:37:21 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll [2006/07/19 22:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/07/19 22:08:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/07/19 22:07:58 | 000,001,024 | 
RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/06/22 19:25:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll [2006/06/22 19:02:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2006/06/21 18:11:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2006/04/27 20:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/04/27 20:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/04/27 20:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/04/27 20:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/04/27 20:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/04/27 20:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/04/27 20:47:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/12 18:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll [2006/03/08 21:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2006/03/08 21:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2005/11/10 15:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys [2005/10/30 22:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/25 19:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2005/06/27 19:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2004/08/04 01:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2002/07/08 22:44:42 | 000,001,024 | ---- | C] () -- 
C:\WINDOWS\System32\atsdrve.dll [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >
  10. As requested:

      First OTL result:

      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
      OTL by OldTimer - Version 3.2.14.1 log created on 10152010_213657

      Followup Scan Result:

      OTL logfile created on: 10/15/2010 9:45:01 PM - Run 3
      OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\T Duprex\Desktop
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
      2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
      3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
      Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 136.85 Gb Total Space | 109.21 Gb Free Space | 79.80% Space Free | Partition Type: NTFS
      Drive D: | 11.65 Gb Total Space | 11.59 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      Drive G: | 24.41 Gb Total Space | 21.80 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
      H: Drive not present or media not loaded
      Drive I: | 251.47 Mb Total Space | 120.16 Mb Free Space | 47.78% Space Free | Partition Type: FAT
      Computer Name: ACER_PENT
      Current User Name: T Duprex
      Logged in as Administrator.
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/03/27 21:59:43 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2010/09/16 20:40:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/02/07 10:24:02 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2010/02/07 10:24:13 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2010/02/07 10:23:52 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2009/09/03 19:58:32 | 008,443,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll [2010/03/29 08:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll [2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll [2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll [2010/03/12 09:03:12 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/03/12 09:03:12 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/03/12 09:03:12 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/03/12 09:03:12 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/03/12 09:03:12 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/03/12 09:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/03/12 09:03:12 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/10/02 05:43:12 | 004,416,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 ads.active.com O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper] O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ad2games.com O1 - Hosts: 127.0.0.1 cms.ad2click.nl O1 - Hosts: 
127.0.0.1 ads.ad2games.com O1 - Hosts: 127.0.0.1 content.ad20.net O1 - Hosts: 127.0.0.1 core.ad20.net O1 - Hosts: 127.0.0.1 as.ad611.com O1 - Hosts: 137800 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/16 08:04:00 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/c...ls/pctuneup.cab (Reg Error: Key error.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222599322578 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.132.4 66.189.132.20 24.217.0.55 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http 
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml 
{8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - C:\WINDOWS\System32\GTGina.dll (Gemtek) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft 
Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - 
C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/04/26 09:39:58 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:44 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/02 22:44:46 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ] O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck pdboot.exe) - File not found O34 - 
HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/15 03:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\MALWARE DOWNLOADS [2010/10/14 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2010/10/13 06:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\HOUSE crao [2010/10/12 18:54:33 | 000,000,000 | ---D | C] -- C:\_OTL [2010/10/03 06:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Gmer [2010/10/03 06:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Malware Assist [2010/10/03 05:23:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe [2010/10/02 22:44:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010/10/02 05:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups [2010/09/26 07:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\LaQuinta [2010/09/19 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adds Its classified [2006/12/07 11:37:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010/10/15 21:42:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\T Duprex\ntuser.dat [2010/10/15 21:26:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2010/10/15 21:13:04 | 003,586,976 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Title 5 Inspection174 Wayside.pdf [2010/10/15 21:04:13 | 000,206,294 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Executed P&S-174 Wayside.pdf [2010/10/15 16:58:52 | 
000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/10/15 16:58:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/15 16:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/10/15 16:58:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/10/15 16:58:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/15 16:58:29 | 2145,894,400 | -HS- | M] () -- C:\hiberfil.sys [2010/10/15 11:17:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\T Duprex\ntuser.ini [2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw [2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw [2010/10/15 07:50:54 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 04-22-10.apw [2010/10/14 05:01:18 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/14 04:55:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/10/14 03:08:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/13 22:37:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/10/13 11:32:04 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst [2010/10/13 10:16:32 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini [2010/10/13 06:52:42 | 000,007,804 | ---- | M] () -- C:\WINDOWS\extend.dat [2010/10/13 06:51:50 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk [2010/10/03 06:17:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\gmer.zip [2010/10/03 05:23:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe [2010/10/02 22:43:45 | 000,132,597 | ---- | M] () -- 
  11. As far as I know, this is not a custom HOSTS file. I do use Hostsman to occasionally update the HOSTS file.
  12. Kahdah: Thanks for jumping in. The only thing to report is that SpySentinal previously had asked about two files: 12345 and 12345bw. Both files were working files I created and forgot about. I deleted them both. Here is the OTL Log:
C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3 [2010/09/19 20:44:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls [2010/09/17 01:16:42 | 1150,237,070 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Latest Sam Lesson.wav [2010/04/15 19:55:27 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ir41_32O.dll [2009/10/18 12:52:46 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009/09/21 08:02:53 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll [2009/08/15 14:07:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/31 20:47:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/07/15 21:43:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u [2009/07/15 21:40:51 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/07/15 21:40:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/01/11 10:07:54 | 000,000,253 | ---- | C] () -- C:\WINDOWS\NGMAD70.INI [2008/09/16 08:36:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008/09/16 08:32:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2008/09/16 08:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini [2008/09/16 08:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini [2008/09/16 08:32:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2008/09/16 08:31:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini [2008/08/18 06:40:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI [2008/08/05 17:00:17 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007/10/04 05:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache 
[2007/09/26 05:55:02 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/09/26 05:55:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini [2007/08/06 19:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI [2007/08/06 19:24:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll [2007/08/06 19:24:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll [2007/08/06 19:24:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll [2007/03/20 22:17:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007/02/10 17:13:19 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2007/02/10 17:13:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2007/02/10 17:13:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2007/02/10 17:13:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007/02/10 17:13:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2007/02/10 17:13:12 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2007/02/10 17:13:11 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI [2007/02/10 17:12:57 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007/02/10 17:12:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll [2007/01/05 17:45:28 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.ini [2007/01/01 03:38:51 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp [2007/01/01 01:42:24 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI [2007/01/01 01:42:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax [2007/01/01 01:42:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax [2006/12/27 02:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/12/25 00:34:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dedea9_g.dll [2006/12/24 
18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI [2006/12/23 01:09:05 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/12/22 14:38:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2006/12/22 14:38:35 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2006/12/07 11:43:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll [2006/12/07 11:41:03 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\fusioncache.dat [2006/12/07 11:40:57 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini [2006/12/07 11:40:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys [2006/12/07 11:40:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys [2006/12/07 11:37:21 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll [2006/07/19 22:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/07/19 22:08:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/06/22 19:25:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll [2006/06/22 19:02:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2006/06/21 18:11:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2006/04/27 20:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/04/27 20:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/04/27 20:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/04/27 20:47:00 | 
000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/04/27 20:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/04/27 20:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/04/27 20:47:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/12 18:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll [2006/03/08 21:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2006/03/08 21:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2005/11/10 15:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys [2005/10/30 22:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/25 19:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2005/06/27 19:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2004/08/04 01:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2002/07/08 22:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All 
Users\Application Data\TEMP:5C321E34 < End of report >
  13. WinPatrol started reporting attempts to change HOSTS file about 2 weeks ago. I was working with SpySentinal on the problem but had to interrupt reporting for about 10 days while I was on the road. Since returning I've replied but SpySentinal has not responded for 3 days now. I would like to resume work on the problem. Please advise.
  14. I have returned. I ran OTL with the information you requested be pasted in. The following information was displayed after rebooting.
  15. SpySentinel: I'm back and have performed your latest request. See subsequent post.
  16. Spysentinal: I have returned. I ran OTL with the information you requested be pasted in. The following information was displayed after rebooting.
  17. I am away from home. Expect to return this weekend. Will resume testing and report to you at that time. Thank you for helping.
  18. I was running GMER as requested. It was up to Windows/system32. I turned off my modem and the program stopped and my window was frozen. I assume that my turning off the modem caused the program to lock up. GMER was running almost 6 hours uneventfully. I have to leave town for several days in a while so I will run GMER when I return and report to you. Is there a possibility the log file at this point is readable? Do you know the location?
  19. As Requested
  20. I am in the right forum and I do need help. Please ignore my previous disregard reply.
  21. Please disregard, I just noticed I'm in the wrong forum.
  22. For the last day or so, I have been getting a report from WinPatrol "Scotty had detected a change etc" and presents the option to accept or reject the change. I always reject the change. I have run Kaspersky and Malwarebytes Anti-Malware and have come up with nothing. I could use some help. Thank you.
  23. That's a wrap then. Thanks again for your help. Bye