Jump to content

Recommended Posts

FF redirects to all sorts of sites- opens new tabs, etc.

Running s l o w . . .

NOTE: this has been happening on my laptop as well, but this forum helped me clean it - thank you!

Question: could one have infected the other? They are networked and occasionally I use the same external drive on each machine.

On this computer:

MBAM reports nothing (log attached)

Defogger has been run

DDS has been run (logs attached)

but, it did NOT ask to reboot the machine, I did that manually

Computer did hard reboot each time GMER was run (twice)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Charles Waugh at 6:19:30.79 on Sat 06/26/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2227 [GMT -7:00]

AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toktumi\Toktumi.exe

C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\PowerPro\powerpro.exe

C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Charles Waugh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Google Update] "c:\documents and settings\charles waugh\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ToktumiClient] c:\program files\toktumi\Toktumi.exe /m

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [six Engine] "c:\program files\asus\epu-6 engine\SixEngine.exe" -r

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\charles waugh\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\powerpro.lnk - c:\program files\powerpro\powerpro.exe

StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\procex~1.lnk - c:\documents and settings\charles waugh\my documents\downloads\processexplorer\procexp.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe

uPolicies-explorer: NoSMMyPictures = 01000000

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {F0F97077-275A-489A-BC8E-358980420E51} = 8.8.8.8,8.8.4.4

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charle~1\applic~1\mozilla\firefox\profiles\wkqquzge.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\charles waugh\application data\mozilla\firefox\profiles\wkqquzge.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\charles waugh\application data\mozilla\firefox\profiles\wkqquzge.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\charles waugh\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\photodex presenter\npPxPlay.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-6-16 307280]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-16 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-16 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-16 40384]

R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2009-12-12 14416]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-3-17 5010288]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-16 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-16 40384]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-12 16168]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]

S3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [2008-1-24 130560]

S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [2009-12-12 26045]

S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-06-26 13:12:11 0 ----a-w- c:\documents and settings\charles waugh\defogger_reenable

2010-06-20 14:39:06 0 d-----w- c:\program files\iPod

2010-06-20 14:39:02 0 d-----w- c:\program files\iTunes

2010-06-17 02:42:59 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-06-17 01:17:59 0 d-----w- C:\Avast install

2010-06-13 17:41:05 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-06-13 17:41:04 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-06-02 16:53:19 0 d-----w- c:\windows\system32\wbem\Repository

2010-05-31 15:14:57 135089 ----a-w- c:\windows\system32\nvapps.nvb

2010-05-31 15:11:31 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2010-05-31 15:10:00 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-05-31 15:09:47 0 d-----w- c:\program files\NVIDIA Corporation

==================== Find3M ====================

2010-06-25 13:10:17 17666 ----a-w- c:\windows\system32\Wacom_Tablet.dat

2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 17:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 14:02:58 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09:05 81920 ------w- c:\windows\system32\ieencode.dll

2010-04-16 01:53:06 56036 ---ha-w- c:\windows\system32\mlfcache.dat

2010-04-06 17:11:31 72080 ----a-w- c:\documents and settings\charles waugh\g2mdlhlpx.exe

2010-04-04 05:55:32 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-03-31 07:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 07:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2006-06-25 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 6:20:10.67 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4242

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/25/2010 7:35:36 PM

mbam-log-2010-06-25 (19-35-36).txt

Scan type: Quick scan

Objects scanned: 168990

Time elapsed: 20 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello chuckwa,

You asked

Question: could one have infected the other? They are networked and occasionally I use the same external drive on each machine.

Yes it is possible (under right circumstance) that a trojan can traverse the network and infected other computers.

Keep this topic strictly for -this particular pc - IF there's another, keep that out of this thread. But do run AV & MBAM scans on it.

This thread/topic is only for the system you reported on.

Step 1

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Apply changes & OK

Step 2

For Firefox browser: Start Firefox. From the main FF menu, select Tools then Options.

Click the Advanced icon (far top right icon). Press the Network tab. Click on Settings button.

When see the Connections Settings window, click to select NO proxy line. Then press OK

Close/Exit/Firefox

Step 3

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Apply changes/ok. exit.

Step 4

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 5

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Step 6

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Step 7

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar
Link to post
Share on other sites

OTL logfile created on: 6/26/2010 9:25:35 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Charles Waugh\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 127.99 Gb Total Space | 40.13 Gb Free Space | 31.36% Space Free | Partition Type: NTFS

Drive D: | 1.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 465.76 Gb Total Space | 179.95 Gb Free Space | 38.64% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 141.18 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive J: | 698.64 Gb Total Space | 41.56 Gb Free Space | 5.95% Space Free | Partition Type: NTFS

Drive V: | 372.61 Gb Total Space | 82.06 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

Drive X: | 698.64 Gb Total Space | 30.61 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: OFFICE

Current User Name: Charles Waugh

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/26 09:25:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Waugh\Desktop\OTL.exe

PRC - [2010/06/14 05:16:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/06/14 05:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe

PRC - [2010/03/08 15:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2010/01/13 13:43:36 | 005,880,904 | ---- | M] (Toktumi) -- C:\Program Files\Toktumi\Toktumi.exe

PRC - [2009/12/12 10:24:00 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe

PRC - [2009/12/11 12:08:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2009/11/08 17:36:02 | 000,794,112 | ---- | M] ( ) -- C:\Program Files\PowerPro\powerpro.exe

PRC - [2009/08/17 23:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

PRC - [2008/11/13 23:31:50 | 005,974,528 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe

PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe

PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

========== Modules (SafeList) ==========

MOD - [2010/06/26 09:25:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Waugh\Desktop\OTL.exe

MOD - [2009/11/08 17:36:02 | 000,082,944 | ---- | M] (ww) -- C:\Program Files\PowerPro\PPro.Dll

MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2009/12/11 12:08:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/06 13:41:12 | 000,307,280 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2009/06/10 19:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/11/25 01:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/11/21 08:10:40 | 000,082,784 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2008/09/25 06:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/24 11:41:34 | 000,130,560 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ch2kPS2.sys -- (Ch2kPS2) Cherry PS/2 Keyboard Driver (CDI)

DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2006/05/11 18:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)

DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/05/07 13:02:08 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 20:00:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/22 20:00:43 | 000,000,000 | ---D | M]

[2009/12/12 10:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Mozilla\Extensions

[2010/06/25 10:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions

[2010/01/13 22:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/18 21:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions\https-everywhere@eff.org

[2010/04/21 20:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions\piclens@cooliris.com

[2010/06/25 10:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/20 09:00:35 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll

[2010/04/20 09:00:08 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()

O4 - HKCU..\Run: [ToktumiClient] C:\Program Files\Toktumi\Toktumi.exe (Toktumi)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)

O4 - Startup: C:\Documents and Settings\Charles Waugh\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Documents and Settings\Charles Waugh\Start Menu\Programs\Startup\PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe ( )

O4 - Startup: C:\Documents and Settings\Charles Waugh\Start Menu\Programs\Startup\procexp.exe.lnk = C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FC 00 80 00 [binary data] (Microsoft Corporation)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/11 11:04:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{c57f440b-0120-11df-bc4f-00248c6efe59}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{c57f440b-0120-11df-bc4f-00248c6efe59}\Shell\Explore\command - "" = system.exe

O33 - MountPoints2\{c57f440b-0120-11df-bc4f-00248c6efe59}\Shell\Open\command - "" = system.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/26 09:25:09 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Waugh\Desktop\OTL.exe

[2010/06/26 09:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/26 09:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/06/26 09:23:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Charles Waugh\Desktop\erunt-setup.exe

[2010/06/24 07:06:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Charles Waugh\Recent

[2010/06/22 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/06/22 23:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/06/22 22:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk

[2010/06/20 07:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/20 07:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/16 19:43:00 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/06/16 19:43:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/06/16 19:42:59 | 000,307,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2010/06/16 19:42:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/06/16 19:42:24 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/06/16 19:42:22 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/06/16 19:42:22 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/06/16 19:42:22 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/06/16 19:42:03 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/06/16 19:42:03 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010/06/16 19:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/06/16 18:17:59 | 000,000,000 | ---D | C] -- C:\Avast install

[2010/06/14 15:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/06/13 10:41:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2010/06/13 10:41:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2010/06/02 09:29:09 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/05/31 08:11:31 | 013,758,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll

[2010/05/31 08:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/05/31 08:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/05/28 08:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Waugh\Application Data\Download Manager

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Charles Waugh\My Documents\*.tmp files -> C:\Documents and Settings\Charles Waugh\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/26 09:26:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/26 09:25:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Waugh\Desktop\OTL.exe

[2010/06/26 09:24:13 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\NTREGOPT.lnk

[2010/06/26 09:24:13 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\ERUNT.lnk

[2010/06/26 09:23:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Charles Waugh\Desktop\erunt-setup.exe

[2010/06/26 08:38:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003UA.job

[2010/06/26 07:03:29 | 000,004,552 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\Attach.zip

[2010/06/26 06:54:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/26 06:53:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/26 06:52:41 | 000,273,731 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/06/26 06:51:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/26 06:38:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\9een9824.exe

[2010/06/26 06:35:45 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/26 06:21:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\xmuxm7qr.exe

[2010/06/26 06:19:13 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\dds.scr

[2010/06/26 06:13:52 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Charles Waugh\ntuser.dat

[2010/06/26 06:13:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Charles Waugh\ntuser.ini

[2010/06/26 06:12:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\defogger_reenable

[2010/06/26 06:11:45 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\Defogger.exe

[2010/06/25 18:45:51 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk

[2010/06/25 17:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/06/25 13:38:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003Core.job

[2010/06/25 12:29:06 | 000,017,207 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Prefs_41.xml

[2010/06/25 11:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/06/25 09:27:01 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2010/06/25 08:45:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/25 06:10:17 | 000,017,666 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat

[2010/06/25 06:07:03 | 013,923,332 | -H-- | M] () -- C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\IconCache.db

[2010/06/25 05:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/06/24 23:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/06/24 06:46:41 | 000,534,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/24 06:46:41 | 000,464,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/24 06:46:41 | 000,079,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/23 20:46:16 | 004,202,005 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\My Documents\FileZilla_3.3.3_win32-setup.exe

[2010/06/23 00:08:02 | 000,000,684 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/23 00:08:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/23 00:08:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010/06/22 20:00:00 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/06/22 19:51:01 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/06/22 19:51:00 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/06/20 07:39:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/06/16 19:52:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/06/16 19:43:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk

[2010/06/13 23:44:20 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\My Documents\junk test.doc

[2010/06/12 23:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/12 22:19:36 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk

[2010/06/11 10:07:09 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk

[2010/06/11 10:07:09 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Lightroom 3.lnk

[2010/06/11 08:17:46 | 001,678,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/10 09:50:11 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk

[2010/06/09 21:34:05 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Desktop\Google Chrome.lnk

[2010/06/09 21:34:05 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/05/29 10:59:00 | 000,066,086 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Data_bk1.xml

[2010/05/29 10:59:00 | 000,066,086 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Data.xml

[2010/05/29 10:53:51 | 000,066,086 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Data_bk2.xml

[2010/05/29 10:44:07 | 000,065,355 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Data_bk3.xml

[2010/05/29 10:41:14 | 000,065,354 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\Application Data\ProSelect_Data_bk4.xml

[2010/05/28 09:00:00 | 2013,892,704 | ---- | M] () -- C:\Documents and Settings\Charles Waugh\My Documents\PinnacleStudio14Trial.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Charles Waugh\My Documents\*.tmp files -> C:\Documents and Settings\Charles Waugh\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/26 09:24:13 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\NTREGOPT.lnk

[2010/06/26 09:24:13 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\ERUNT.lnk

[2010/06/26 07:03:29 | 000,004,552 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\Attach.zip

[2010/06/26 06:38:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\9een9824.exe

[2010/06/26 06:21:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\xmuxm7qr.exe

[2010/06/26 06:19:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\dds.scr

[2010/06/26 06:12:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\defogger_reenable

[2010/06/24 17:34:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Desktop\Defogger.exe

[2010/06/23 20:46:10 | 004,202,005 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\My Documents\FileZilla_3.3.3_win32-setup.exe

[2010/06/22 20:00:00 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/06/20 07:39:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/06/16 19:43:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk

[2010/06/13 23:44:19 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\My Documents\junk test.doc

[2010/06/11 10:50:31 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Lightroom 3.lnk

[2010/06/11 10:07:09 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk

[2010/06/11 09:12:41 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk

[2010/05/31 08:14:57 | 000,135,089 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb

[2010/05/28 08:43:52 | 2013,892,704 | ---- | C] () -- C:\Documents and Settings\Charles Waugh\My Documents\PinnacleStudio14Trial.exe

[2010/03/31 14:36:37 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL

[2010/03/26 20:13:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/03/26 20:11:51 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2010/02/25 09:07:32 | 000,024,768 | ---- | C] () -- C:\WINDOWS\wfxhelp.dll

[2010/02/10 12:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinCorder.INI

[2010/02/08 13:39:57 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\PteVideo.dll

[2010/01/26 17:40:39 | 000,000,288 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini

[2009/12/28 00:24:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Designer.INI

[2009/12/20 20:50:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/12 17:41:28 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys

[2009/12/12 17:40:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\AutoRun.ini

[2009/12/11 13:35:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/12/11 12:17:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2009/12/11 11:35:59 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/12/11 11:35:58 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/12/11 11:35:56 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/12/11 11:35:56 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/12/11 11:21:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/12/11 11:21:10 | 000,032,805 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/12/11 11:21:09 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/06/10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/06/10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/06/10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/06/16 19:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/06/25 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/01/24 21:15:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/12/17 20:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex

[2010/04/29 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/21 08:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/12/29 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\AMPSoft

[2009/12/25 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\AnvSoft

[2010/03/07 19:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\avidemux

[2010/02/26 15:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\BitTorrent

[2010/06/26 06:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Dropbox

[2010/06/24 18:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\FileZilla

[2010/01/26 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Image Zone Express

[2010/03/31 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\IronCAD

[2010/03/29 10:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Locate32

[2009/12/17 17:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Netscape

[2010/04/23 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\OpenOffice.org

[2009/12/17 17:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Photodex

[2009/12/25 14:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Publish Providers

[2009/12/12 15:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Scooter Software

[2009/12/25 14:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Sony

[2010/03/29 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Stegisoft

[2010/06/16 22:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Toktumi

[2009/12/12 16:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Windows Desktop Search

[2009/12/12 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Waugh\Application Data\Windows Search

[2010/06/24 23:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

[2010/06/25 05:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

[2010/06/25 11:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

[2010/06/25 17:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

[2010/06/12 23:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 6/26/2010 9:25:35 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Charles Waugh\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 127.99 Gb Total Space | 40.13 Gb Free Space | 31.36% Space Free | Partition Type: NTFS

Drive D: | 1.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 465.76 Gb Total Space | 179.95 Gb Free Space | 38.64% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 141.18 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive J: | 698.64 Gb Total Space | 41.56 Gb Free Space | 5.95% Space Free | Partition Type: NTFS

Drive V: | 372.61 Gb Total Space | 82.06 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

Drive X: | 698.64 Gb Total Space | 30.61 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: OFFICE

Current User Name: Charles Waugh

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\TimeExposure\ProSelect\ProSelect.exe" = C:\Program Files\TimeExposure\ProSelect\ProSelect.exe:*:Enabled:ProSelect -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

"C:\Documents and Settings\Charles Waugh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Charles Waugh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)

"C:\Program Files\Toktumi\Toktumi.exe" = C:\Program Files\Toktumi\Toktumi.exe:*:Enabled:Toktumi client application -- (Toktumi)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\asam.exe:*:Enabled:enable -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D

"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0

"{4572C3C9-1E75-480C-8C79-977FEB95A058}" = Sony Vegas Movie Studio 6.0a

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{55BCD416-7CDD-4CD8-8512-C5038DBAB5DD}" = Cooliris for Internet Explorer

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{57E94D54-739A-4A91-AAEC-51AAA7714A8F}" = My Photo Books (H&H Coffee Table Books Edition)

"{581125F9-D1C6-4797-93BB-47A992D69AA8}" = Screen Grab Pro

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81422E1C-D430-4B28-AE3B-E2FC4F3F273E}" = VBA (3821h)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{4CC15612-EC1B-4563-9FBD-6A01680BDC13}" =

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}" = Corel Painter IX

"{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}" = Microsoft Pro Photo Tools

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4639B37-945A-4326-93DC-E1265CFE7832}" = Toktumi client

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

I had to email these to my laptop to send them - the other computer kept giving me 'page not found' when hitting 'Add Reply' or 'Preview'

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Flash Player 10.1.53.64

Adobe Reader 9.3

Mozilla Firefox (3.6.4)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

ALWILS~1 Avast5 avastUI.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

Hello Charles,

Do NOT do any websurfing, NO online games, etc. Just only go to this forum and the sites I guide you to.

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Step 2

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    :files
    C:\system.exe
    c:\windows\system.exe
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57f440b-0120-11df-bc4f-00248c6efe59}]
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of the OTL MovedFiles log

and C:\Combofix.txt

Link to post
Share on other sites

OTL log file below

after removing a file from Documents and Settings and a reboot, ComboFix blue-screened out.

after the restart, there was no log file open for ComboFix

All processes killed

========== PROCESSES ==========

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

========== FILES ==========

File\Folder C:\system.exe not found.

File\Folder c:\windows\system.exe not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57f440b-0120-11df-bc4f-00248c6efe59}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c57f440b-0120-11df-bc4f-00248c6efe59}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1616462 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 76682206 bytes

->Flash cache emptied: 42513 bytes

User: All Users

User: Charles Waugh

->Temp folder emptied: 21842071494 bytes

->Temporary Internet Files folder emptied: 1285132651 bytes

->Java cache emptied: 36018 bytes

->FireFox cache emptied: 130182955 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1053197 bytes

User: Charles2

->Temp folder emptied: 652421 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 6809799 bytes

->FireFox cache emptied: 20596344 bytes

->Flash cache emptied: 94795 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 23712816 bytes

->Flash cache emptied: 4209 bytes

User: NetworkService

->Temp folder emptied: 640988 bytes

->Temporary Internet Files folder emptied: 5946389 bytes

->Flash cache emptied: 463 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1138618 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 89144712 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49442624 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 80720 bytes

Total Files Cleaned = 22,445.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.7.0 log created on 06262010_152710

Files\Folders moved on Reboot...

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z58FQSWT\adde[1].xml moved successfully.

File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

C:\WINDOWS\temp\MSIf6eaf.LOG moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

You noted

after removing a file from Documents and Settings and a reboot, ComboFix blue-screened out.

after the restart, there was no log file open for ComboFix

Did you write down the information on the "blue screen"??

Can you look for a file (log) C:\combofix.txt ?

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Do NOT attach the logs. Always open each file in NOTEPAD. Then do a Copy ALL (CTRL-Key+A) , and then Paste (CTRL-Key+V) into Reply text-box.

Link to post
Share on other sites

Sorry, the BSOD was only up for about a half-second, then it went black.

No ComboFix.txt in root or Desktop

:-(

Logfile of random's system information tool 1.07 (written by random/random)

Run by Charles Waugh at 2010-06-27 08:41:10

Microsoft Windows XP Professional Service Pack 3

System drive C: has 69 GB (53%) free of 131 GB

Total RAM: 3070 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:41:25 AM, on 6/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Toktumi\Toktumi.exe

C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\PowerPro\powerpro.exe

C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Charles Waugh\Desktop\RSIT.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\trend micro\Charles Waugh.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ToktumiClient] C:\Program Files\Toktumi\Toktumi.exe /m

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: PowerPro.lnk = C:\Program Files\PowerPro\powerpro.exe

O4 - Startup: procexp.exe.lnk = C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe

O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F97077-275A-489A-BC8E-358980420E51}: NameServer = 8.8.8.8,8.8.4.4

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PEVSystemStart - Unknown owner - C:\Combo-Fix\PEV.cfxxe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--

End of file - 8869 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-23 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]

C:\Program Files\PicLensIE\cooliris.dll [2010-01-05 4692448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-17 17676288]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-19 36864]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

""= []

"Six Engine"=C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2008-11-13 5974528]

"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-12 135664]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"ToktumiClient"=C:\Program Files\Toktumi\Toktumi.exe [2010-01-13 5880904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asam]

C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\asam.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-07-14 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdnuubhy]

C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk\uwwfwlgtssd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Hamachi2Svc"=2

"Pml Driver HPZ12"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

C:\Documents and Settings\Charles Waugh\Start Menu\Programs\Startup

Dropbox.lnk - C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe

PowerPro.lnk - C:\Program Files\PowerPro\powerpro.exe

procexp.exe.lnk - C:\Documents and Settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoSMMyPictures"=0x01000000

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\TimeExposure\ProSelect\ProSelect.exe"="C:\Program Files\TimeExposure\ProSelect\ProSelect.exe:*:Enabled:ProSelect"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\Documents and Settings\Charles Waugh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Charles Waugh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"

"C:\Program Files\Toktumi\Toktumi.exe"="C:\Program Files\Toktumi\Toktumi.exe:*:Enabled:Toktumi client application"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\asam.exe"="C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\asam.exe:*:Enabled:enable"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.reg - edit -

.reg - open - c:\Winnt\Regedit.exe %1

======List of files/folders created in the last 1 months======

2010-06-27 08:41:10 ----D---- C:\rsit

2010-06-27 08:41:10 ----D---- C:\Program Files\trend micro

2010-06-26 15:45:04 ----A---- C:\Boot.bak

2010-06-26 15:45:00 ----RASHD---- C:\cmdcons

2010-06-26 15:40:28 ----A---- C:\WINDOWS\zip.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\SWSC.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\SWREG.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\sed.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\PEV.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\NIRCMD.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\MBR.exe

2010-06-26 15:40:28 ----A---- C:\WINDOWS\grep.exe

2010-06-26 15:40:16 ----SD---- C:\Combo-Fix

2010-06-26 15:39:59 ----D---- C:\Qoobox

2010-06-26 15:27:10 ----D---- C:\_OTL

2010-06-26 09:24:53 ----D---- C:\WINDOWS\ERDNT

2010-06-26 09:24:13 ----D---- C:\Program Files\ERUNT

2010-06-24 07:50:15 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-06-20 07:39:06 ----D---- C:\Program Files\iPod

2010-06-20 07:39:02 ----D---- C:\Program Files\iTunes

2010-06-16 19:42:03 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-06-16 19:41:57 ----D---- C:\Program Files\Alwil Software

2010-06-16 18:17:59 ----D---- C:\Avast install

2010-06-14 15:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2010-06-13 10:41:05 ----A---- C:\WINDOWS\system32\ptpusb.dll

2010-06-13 10:41:04 ----A---- C:\WINDOWS\system32\ptpusd.dll

2010-06-10 23:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-06-10 23:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$

2010-06-10 23:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-06-10 23:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2010-06-10 23:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-06-10 23:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-06-10 23:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

2010-06-02 09:29:09 ----D---- C:\Config.Msi

2010-05-31 08:11:31 ----A---- C:\WINDOWS\system32\nvcpl.dll

2010-05-31 08:10:00 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2010-05-31 08:09:47 ----D---- C:\Program Files\NVIDIA Corporation

2010-05-28 08:43:46 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\Download Manager

======List of files/folders modified in the last 1 months======

2010-06-27 08:41:10 ----RD---- C:\Program Files

2010-06-27 08:40:19 ----D---- C:\WINDOWS\Temp

2010-06-26 16:06:48 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\Dropbox

2010-06-26 16:06:40 ----D---- C:\WINDOWS\system32\drivers

2010-06-26 16:05:27 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\WTablet

2010-06-26 16:03:50 ----D---- C:\WINDOWS\Minidump

2010-06-26 16:03:50 ----D---- C:\WINDOWS

2010-06-26 16:01:07 ----D---- C:\WINDOWS\system32

2010-06-26 16:01:07 ----D---- C:\WINDOWS\AppPatch

2010-06-26 16:01:04 ----D---- C:\Program Files\Common Files

2010-06-26 15:54:55 ----D---- C:\WINDOWS\system32\CatRoot2

2010-06-26 15:45:04 ----RASH---- C:\boot.ini

2010-06-26 07:05:45 ----SHD---- C:\WINDOWS\Installer

2010-06-26 06:12:11 ----D---- C:\Program Files\Mozilla Firefox

2010-06-25 23:10:43 ----D---- C:\WINDOWS\Prefetch

2010-06-25 19:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

2010-06-25 18:27:09 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\Skype

2010-06-25 08:45:25 ----A---- C:\WINDOWS\NeroDigital.ini

2010-06-25 06:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$

2010-06-24 18:30:27 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\FileZilla

2010-06-24 07:57:02 ----D---- C:\WINDOWS\Microsoft.NET

2010-06-24 07:56:56 ----RSD---- C:\WINDOWS\assembly

2010-06-24 07:07:25 ----D---- C:\WINDOWS\Debug

2010-06-24 07:01:26 ----D---- C:\Program Files\CCleaner

2010-06-24 06:46:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-06-24 06:46:12 ----D---- C:\WINDOWS\WinSxS

2010-06-23 20:46:33 ----D---- C:\Program Files\FileZilla FTP Client

2010-06-23 05:25:42 ----RSD---- C:\WINDOWS\Fonts

2010-06-23 00:08:02 ----A---- C:\WINDOWS\win.ini

2010-06-23 00:08:02 ----A---- C:\WINDOWS\system.ini

2010-06-22 20:09:56 ----D---- C:\Program Files\Common Files\Adobe AIR

2010-06-22 20:00:10 ----D---- C:\Program Files\QuickTime

2010-06-21 20:03:28 ----D---- C:\Toktumi Calls Recorded

2010-06-20 07:39:04 ----D---- C:\Program Files\Common Files\Apple

2010-06-20 07:34:04 ----D---- C:\WINDOWS\system32\CatRoot

2010-06-20 07:32:08 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-06-20 07:32:07 ----HD---- C:\WINDOWS\inf

2010-06-20 07:31:35 ----D---- C:\Program Files\Bonjour

2010-06-16 22:58:24 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\Toktumi

2010-06-16 19:41:57 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

2010-06-16 19:37:30 ----D---- C:\a

2010-06-16 19:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2010-06-15 06:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

2010-06-11 10:07:12 ----D---- C:\Program Files\Common Files\Adobe

2010-06-11 10:06:39 ----D---- C:\Program Files\Adobe

2010-06-10 23:44:33 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-06-10 23:44:22 ----HD---- C:\WINDOWS\$hf_mig$

2010-06-10 23:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-06-09 22:58:38 ----D---- C:\Documents and Settings\Charles Waugh\Application Data\Adobe

2010-06-06 06:50:30 ----SD---- C:\Documents and Settings\Charles Waugh\Application Data\Microsoft

2010-06-04 23:25:42 ----D---- C:\Program Files\PowerPro

2010-06-04 05:35:57 ----D---- C:\Program Files\Microsoft Silverlight

2010-06-04 05:34:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-06-02 23:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

2010-06-02 09:54:26 ----D---- C:\WINDOWS\system32\config

2010-06-02 09:53:25 ----D---- C:\WINDOWS\system32\wbem

2010-06-02 09:53:19 ----D---- C:\WINDOWS\Registration

2010-06-02 09:35:25 ----D---- C:\WINDOWS\Help

2010-06-02 09:28:29 ----D---- C:\WINDOWS\system32\Restore

2010-06-02 08:41:03 ----D---- C:\Documents and Settings

2010-05-31 08:13:37 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-05-28 12:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-05-06 307280]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]

R2 PDIHWCTL;PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys []

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]

R3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-25 4952576]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]

R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]

R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-09-21 14120]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S3 catchme;catchme; \??\C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\catchme.sys []

S3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI); C:\WINDOWS\system32\DRIVERS\Ch2kPS2.sys [2008-01-24 130560]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 i1;eye-one; C:\WINDOWS\system32\DRIVERS\i1.sys [2004-05-07 26045]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]

R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-23 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]

R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2010-03-08 5010288]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-11 654848]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]

S2 PEVSystemStart;PEVSystemStart; C:\Combo-Fix\PEV.cfxxe [2010-04-26 256512]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-06-27 08:41:27

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {4CC15612-EC1B-4563-9FBD-6A01680BDC13}

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}

Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}

Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe Media Player-->msiexec /qb /x {95264530-5A22-8E7E-FE9D-D63A927BCAEA}

Adobe Media Player-->MsiExec.exe /I{95264530-5A22-8E7E-FE9D-D63A927BCAEA}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Photoshop Lightroom 2.7-->MsiExec.exe /I{B0513493-04B9-4F21-B4AB-83E750D54256}

Adobe Photoshop Lightroom 3-->MsiExec.exe /I{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}

Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}

Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"

Any Video Converter 3.0.1-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"

Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}

Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall

AutoSketch v7.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AutoSketch\DeIsL1.isu" -c"C:\Program Files\AutoSketch\Uninst.dll

avast! Internet Security-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup

Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe

AVS Audio Converter version 6.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter6\unins000.exe"

AVS Media Player 3.1-->"C:\Program Files\AVS4YOU\AVSMediaPlayer\unins000.exe"

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"

AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS Video Editor 4-->"C:\Program Files\AVS4YOU\AVSVideoEditor\unins000.exe"

AVS Video Recorder 2.4-->"C:\Program Files\AVS4YOU\AVSVideoRecorder\unins000.exe"

AVS YouTube Uploader version 2.1-->"C:\Program Files\AVS4YOU\AVSYouTubeUploader\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Beyond Compare Version 3.1.8-->"C:\Program Files\Beyond Compare 3\unins000.exe"

Bing Maps 3D-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}

CamStudio Lossless Codec v1.4-->"C:\WINDOWS\system32\unins000.exe"

CamStudio-->C:\Program Files\CamStudio\uninstall.exe

CardRecovery 5.30-->"C:\Program Files\CardRecovery\unins000.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Cooliris for Internet Explorer-->MsiExec.exe /X{55BCD416-7CDD-4CD8-8512-C5038DBAB5DD}

Corel Painter IX-->MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}

CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

Email2Database 1.1-->C:\Program Files\Email2Database\uninst.exe

Epson Print CD-->C:\Program Files\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\setup.exe -runfromtemp -l0x0009 -removeonly

EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPU-6 Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B83336-FBC1-4C46-8613-90A9E3B440D6}\setup.exe" -l0x9

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Eye-One Diagnostics-->"C:\Program Files\GretagMacbeth\i1\Eye-One Diagnostics\unins000.exe"

Eye-One Match 3.6.1-->"C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\unins000.exe"

eZsuite-->"C:\Program Files\HH Color Lab\eZsuite\Uninstall_eZsuite\Uninstall eZsuite.exe"

FileZilla Client 3.3.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}

Free WMA to MP3 Converter 1.16-->"C:\Program Files\Free WMA to MP3 Converter\unins000.exe"

GDocBackup 0.4.13-->C:\Program Files\GDocBackup\uninst.exe

Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}

Google SketchUp 7-->MsiExec.exe /X{597E70FF-7C46-4EED-8092-91B7C2E0529D}

Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Handy Recovery 4.0-->"C:\Program Files\SoftLogica\Handy Recovery\Uninstall.exe" "C:\Program Files\SoftLogica\Handy Recovery\install.log" -u

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

ImageMagick 6.5.9-5 Q16 (2010-02-15)-->"C:\Program Files\ImageMagick-6.5.9-Q16\unins000.exe"

IronCAD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IronCAD\IronCAD\Uninst.isu" -c"C:\Program Files\IronCAD\IronCAD\Setup.dll"

iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}

JMicron JMB36X Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly

JPEE Email Utility v5.4.4-->C:\Program Files\JPEE\uninstall.exe

LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL

LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKSTD /dll OSETUP.DLL

Microsoft Office Outlook 2007-->MsiExec.exe /X{90120000-00E0-0000-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Pro Photo Tools-->MsiExec.exe /I{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}

Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mirage Driver 1.1-->"C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"

Mozilla Firefox (3.6.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

My Photo Books (H&H Coffee Table Books Edition)-->MsiExec.exe /I{57E94D54-739A-4A91-AAEC-51AAA7714A8F}

Nero 7 Essentials-->MsiExec.exe /X{66B6D13A-9CC1-417D-B6F2-58AA539D1033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}

OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Photodex Presenter-->C:\Program Files\Photodex Presenter\remove.exe

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerPro 4.9 (remove only)-->C:\PROGRA~1\PowerPro\unwise.exe ***

ProSelect-->"C:\WINDOWS\ProSelect Uninstaller.exe"

ProSelect-->"C:\WINDOWS\ProSelect Uninstaller.exe"

ProShow Producer-->C:\Program Files\Photodex\ProShowProducer\proshow.exe . -u

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0009 -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

Rename Master-->"C:\Program Files\Rename Master\unins000.exe"

Screen Grab Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581125F9-D1C6-4797-93BB-47A992D69AA8}\setup.exe"

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG

Skype

Link to post
Share on other sites

I'd suggest you turn off the Windows duh-fault restart on error.

Right Click the My Computer icon on desktop. Select Properties.

Next, select Advanced. Look for a block that says Startup and recovery. Press the settings button.

In System failure section, turn off (un-check) Automatically restart.

Write an event to system log should be Checked (selected).

Apply change. OK as needed and exit.

If you should later on see a STOP error, write down all of the codes and text. And then you can do research (as well as posting here).

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gifIf you are a casual viewer, do NOT try this on your system!

If you are not chuckwa and have a similar problem, do NOT post here; start your own topic

These steps are for this machine ONLY and none other ! Usage on any other system may well cause harm or unexpected results !

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

There appears to be a well entrenched rootkit aboard. This next is to disable and remove it.

First, disable your AntiVirus real-time monitor and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to start The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Drivers to disable:
    pdnuubhy

    Drivers to delete:
    pdnuubhy

    Files to delete:
    C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk\uwwfwlgtssd.exe

    Folders to delete:
    C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler

    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | pdnuubhy
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg | pdnuubhy


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • ! Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Step 2

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 3

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A new run of Combofix (that you already have).
  • Double click on Combo-Fix.exe (red-lion icon) & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Step 4

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Avenger.txt

copy of contents of C:\Combofix.txt

MBAM scan log

and tell me, How is your system now ?

Edited by Maurice Naggar
Link to post
Share on other sites

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open driver "pdnuubhy"

Disablement of driver "pdnuubhy" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\pdnuubhy" not found!

Deletion of driver "pdnuubhy" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk\uwwfwlgtssd.exe" not found!

Deletion of file "C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk\uwwfwlgtssd.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Folder "C:\Documents and Settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk" deleted successfully.

Folder "C:\recycler" deleted successfully.

Error: could not open folder "D:\recycler"

Deletion of folder "D:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "e:\recycler"

Deletion of folder "e:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\recycler"

Deletion of folder "f:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\recycler"

Deletion of folder "g:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\recycler"

Deletion of folder "h:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pdnuubhy"

Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pdnuubhy" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg|pdnuubhy"

Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg|pdnuubhy" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

ComboFix 10-06-27.03 - Charles Waugh 06/27/2010 15:18:08.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2326 [GMT -7:00]

Running from: c:\documents and settings\Charles Waugh\Desktop\Combo-Fix.exe

AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Charles Waugh\g2mdlhlpx.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))

.

2010-06-27 15:41 . 2010-06-27 15:41 -------- d-----w- C:\rsit

2010-06-27 15:41 . 2010-06-27 15:41 -------- d-----w- c:\program files\trend micro

2010-06-26 22:27 . 2010-06-26 22:27 -------- d-----w- C:\_OTL

2010-06-26 16:24 . 2010-06-26 16:24 -------- d-----w- c:\program files\ERUNT

2010-06-25 18:22 . 2010-06-25 18:22 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-06-20 14:39 . 2010-06-20 14:39 -------- d-----w- c:\program files\iPod

2010-06-20 14:39 . 2010-06-20 14:39 -------- d-----w- c:\program files\iTunes

2010-06-20 14:29 . 2010-06-20 14:29 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-17 02:43 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-17 02:43 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-17 02:42 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-06-17 02:42 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-17 02:42 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-17 02:42 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-17 02:42 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-17 02:42 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-17 02:42 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-17 02:42 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-06-17 02:41 . 2010-06-17 02:41 -------- d-----w- c:\program files\Alwil Software

2010-06-17 01:17 . 2010-06-17 01:18 -------- d-----w- C:\Avast install

2010-06-14 22:34 . 2010-06-14 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-13 17:41 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-06-13 17:41 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-06-02 16:53 . 2010-06-02 16:53 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-02 15:57 . 2010-06-02 15:57 -------- d-----w- c:\documents and settings\Charles2\Application Data\Ahead

2010-06-02 15:57 . 2010-06-02 15:57 -------- d-----w- c:\documents and settings\Charles2\Application Data\AnvSoft

2010-06-02 15:57 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\AVS4YOU

2010-06-02 15:57 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\avidemux

2010-06-02 15:57 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\BitTorrent

2010-06-02 15:57 . 2010-06-02 15:57 -------- d-----w- c:\documents and settings\Charles2\Application Data\Corel

2010-06-02 15:57 . 2010-06-02 15:57 -------- d-----w- c:\documents and settings\Charles2\Application Data\Download Manager

2010-06-02 15:56 . 2010-06-02 15:57 -------- d-----w- c:\documents and settings\Charles2\Application Data\Dropbox

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\IronCAD

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\Image Zone Express

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\HP

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\FileZilla

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\Locate32

2010-06-02 15:56 . 2010-06-02 15:56 -------- d-----w- c:\documents and settings\Charles2\Application Data\Malwarebytes

2010-06-02 15:55 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\Photodex

2010-06-02 15:55 . 2010-06-02 15:55 -------- d-----w- c:\documents and settings\Charles2\Application Data\Scooter Software

2010-06-02 15:55 . 2010-06-02 15:55 -------- d-----w- c:\documents and settings\Charles2\Application Data\OpenOffice.org

2010-06-02 15:55 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\Skype

2010-06-02 15:55 . 2010-06-02 15:55 -------- d-----w- c:\documents and settings\Charles2\Application Data\Sony

2010-06-02 15:55 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\Toktumi

2010-06-02 15:54 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\.roescache

2010-06-02 15:54 . 2010-06-02 15:54 -------- d-----w- c:\documents and settings\Charles2\.PhotoBook

2010-06-02 15:53 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\.BWC

2010-06-02 15:53 . 2010-06-02 15:53 -------- d-----w- c:\documents and settings\Charles2\.digilabs

2010-06-02 15:42 . 2010-06-02 15:42 -------- d-----w- c:\documents and settings\Charles2\Local Settings\Application Data\Mozilla

2010-06-02 15:42 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Local Settings\Application Data\Adobe

2010-06-02 15:42 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Application Data\Apple Computer

2010-06-02 15:42 . 2010-06-02 15:42 -------- d-----w- c:\documents and settings\Charles2\Local Settings\Application Data\Apple Computer

2010-06-02 15:42 . 2010-06-02 16:29 -------- d-----w- c:\documents and settings\Charles2\Local Settings\Application Data\LogMeIn Hamachi

2010-05-31 15:11 . 2009-06-10 16:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2010-05-31 15:10 . 2010-05-31 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-05-31 15:09 . 2010-06-02 16:35 -------- d-----w- c:\program files\NVIDIA Corporation

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-27 22:10 . 2009-12-15 21:56 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\WTablet

2010-06-27 22:09 . 2009-12-15 08:42 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Dropbox

2010-06-26 23:04 . 2009-12-13 05:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-06-26 02:11 . 2010-03-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-26 01:27 . 2010-02-17 22:17 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Skype

2010-06-25 13:10 . 2010-03-02 21:25 17666 ----a-w- c:\windows\system32\Wacom_Tablet.dat

2010-06-25 01:30 . 2010-01-27 21:56 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\FileZilla

2010-06-24 14:01 . 2010-02-28 02:24 -------- d-----w- c:\program files\CCleaner

2010-06-24 03:46 . 2010-01-27 21:55 -------- d-----w- c:\program files\FileZilla FTP Client

2010-06-23 03:09 . 2009-12-11 19:30 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-23 03:00 . 2009-12-11 19:19 -------- d-----w- c:\program files\QuickTime

2010-06-20 14:39 . 2009-12-21 15:49 -------- d-----w- c:\program files\Common Files\Apple

2010-06-20 14:31 . 2009-12-11 19:12 -------- d-----w- c:\program files\Bonjour

2010-06-17 05:58 . 2010-04-25 22:41 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Toktumi

2010-06-17 02:41 . 2010-04-27 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-06-15 13:50 . 2009-12-11 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-11 17:07 . 2009-12-11 19:06 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-11 17:04 . 2010-05-28 15:43 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Download Manager

2010-06-11 06:43 . 2009-12-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-05 06:25 . 2009-12-12 16:53 -------- d-----w- c:\program files\PowerPro

2010-06-04 12:35 . 2010-01-14 05:30 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-02 16:19 . 2010-06-02 15:41 -------- d-----w- c:\documents and settings\Charles2\Application Data\WTablet

2010-06-02 15:41 . 2010-06-02 15:41 73128 ----a-w- c:\documents and settings\Charles2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-25 01:20 . 2010-05-25 01:20 -------- d-----w- c:\program files\CardRecovery

2010-05-24 23:14 . 2010-04-18 23:31 -------- d-----w- c:\program files\PhotoRescue PC

2010-05-22 01:12 . 2009-12-11 18:17 73128 ----a-w- c:\documents and settings\Charles Waugh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-21 14:03 . 2010-03-01 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-20 23:36 . 2010-05-20 23:36 9062 ----a-r- c:\documents and settings\Charles Waugh\Application Data\Microsoft\Installer\{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}\ARPPRODUCTICON.exe

2010-05-20 23:36 . 2010-05-20 23:36 136 ----a-w- c:\documents and settings\Charles Waugh\Local Settings\Application Data\fusioncache.dat

2010-05-20 23:36 . 2010-05-20 23:36 -------- d-----w- c:\program files\Pro Imaging Powertoys

2010-05-20 23:36 . 2010-05-20 23:36 -------- d-----w- c:\program files\Common Files\Nikon

2010-05-20 19:16 . 2010-05-20 19:16 -------- d-----w- c:\program files\Microsoft Pro Photo Tools

2010-05-19 03:40 . 2010-05-19 03:32 358600 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Adobe\Lightroom\Export Actions\Facebook + CFAP Info.exe

2010-05-19 00:18 . 2010-05-19 00:18 342772 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Adobe\Lightroom\Export Actions\5x5 Book Page + BG IMAGE + Stroke.exe

2010-05-19 00:09 . 2010-05-19 00:12 339829 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Adobe\Lightroom\Export Actions\5x5 Book Page + WHITE BG + No Stroke.exe

2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 17:54 . 2009-12-12 16:45 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Ahead

2010-05-15 07:26 . 2009-12-17 18:32 -------- d-----w- c:\program files\Google

2010-05-12 00:12 . 2010-03-03 18:27 -------- d-----w- c:\program files\Rename Master

2010-05-06 17:36 . 2009-12-25 16:36 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 17:35 . 2010-01-17 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 22:39 . 2010-03-03 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39 . 2010-03-03 02:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-29 21:00 . 2009-12-21 15:52 -------- d-----w- c:\documents and settings\Charles Waugh\Application Data\Apple Computer

2010-04-29 20:59 . 2010-04-29 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-23 14:59 . 2010-04-23 14:59 1 ----a-w- c:\documents and settings\Charles Waugh\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-23 14:02 . 2009-12-12 18:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09 . 2009-12-11 18:13 81920 ------w- c:\windows\system32\ieencode.dll

2010-04-16 01:53 . 2010-04-16 01:53 56036 ---ha-w- c:\windows\system32\mlfcache.dat

2010-04-04 05:55 . 2009-06-11 02:33 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-03-31 07:16 . 2010-03-31 07:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 07:10 . 2010-03-31 07:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-04-20 16:00 . 2010-04-20 16:00 101760 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Charles Waugh\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-12 135664]

"ToktumiClient"="c:\program files\Toktumi\Toktumi.exe" [2010-01-13 5880904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-11-14 5974528]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Charles Waugh\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Charles Waugh\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

PowerPro.lnk - c:\program files\PowerPro\powerpro.exe [2009-11-8 794112]

procexp.exe.lnk - c:\documents and settings\Charles Waugh\My Documents\Downloads\ProcessExplorer\procexp.exe [2009-2-3 3550592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2009-12-12 708608]

ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2009-12-12 954368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 07:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2010-03-30 18:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-14 22:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Hamachi2Svc"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\TimeExposure\\ProSelect\\ProSelect.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Charles Waugh\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Program Files\\Toktumi\\Toktumi.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/16/2010 7:42 PM 307280]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/16/2010 7:43 PM 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/16/2010 7:43 PM 19024]

R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [12/12/2009 5:41 PM 14416]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/17/2010 12:56 PM 5010288]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/12/2009 5:14 PM 16168]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 7:05 PM 135664]

S3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [1/24/2008 11:41 AM 130560]

S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [12/12/2009 5:41 PM 26045]

S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]

.

Contents of the 'Scheduled Tasks' folder

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 02:05]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 02:05]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003Core.job

- c:\documents and settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-12 16:17]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-839522115-1003UA.job

- c:\documents and settings\Charles Waugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-12 16:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

TCP: {F0F97077-275A-489A-BC8E-358980420E51} = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\documents and settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\Charles Waugh\Application Data\Mozilla\Firefox\Profiles\wkqquzge.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\Charles Waugh\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll

FF - plugin: c:\program files\TabletPlugins\npwacom.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

.reg=Regedit.Document

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-asam - c:\documents and settings\Charles Waugh\Local Settings\Application Data\asam.exe

MSConfigStartUp-pdnuubhy - c:\documents and settings\Charles Waugh\Local Settings\Application Data\tgesaxlrk\uwwfwlgtssd.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Charles Waugh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08F6952B-121F-DC22-AAE8-527EE483503B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2512)

c:\program files\PowerPro\PPro.dll

c:\documents and settings\Charles Waugh\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-27 15:25:18

ComboFix-quarantined-files.txt 2010-06-27 22:25

Pre-Run: 72,233,521,152 bytes free

Post-Run: 72,198,938,624 bytes free

- - End Of File - - DD6BF391D154D0F30F4B8028E86E407A

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4247

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/28/2010 5:56:03 AM

mbam-log-2010-06-28 (05-56-03).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|V:\|X:\|)

Objects scanned: 640591

Time elapsed: 11 hour(s), 23 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

X:\CWDESIGN\Photography\Downloads\kirbyalarmsetup_v1.5.exe (Adware.UCMore) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • 2 weeks later...

We need to cleanup after the tools I had you use.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the command box that opens, type or copy/paste
    combo-fix /uninstall
    and then click OK.

In any event, proceed forward with the OTL step below, even if Combo-fix does not uninstall. OTL Cleanup will remove the remainders of it and the other tools used as well.

  • Please double-click OTL.exe otlDesktopIcon.png to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.