Jump to content

Google Redirect - McAfee/MBAM won't scan


newguy

Recommended Posts

Nope, that didn't work either. Still cannot connect other than pinging.

Let me make sure I did things in the correct order.

1. Made up the fixme.reg using notepad and the text provided.

2. Saved it on the desktop of the non-working machine.

3. Double clicked it to run it and got the message that it was successful.

4. Rebooted

5. Went to Network Connections -> Properties ->Install ->Protocol ->Add ->Have Disk

6. Typed in C:\WINDOWS\INF then clicked Internet Protocol (TCP/IP) then OK.

7. Allowed system to reboot.

No change in system.

8. Downloaded winsockxpfix.exe and ran it from the desktop of the non-working system.

9. Allowed reboot.

Still no change.

This is getting old... :)

Link to post
Share on other sites

  • Replies 184
  • Created
  • Last Reply

Top Posters In This Topic

You did everything correctly

Lets see if it's a permissions issue that isn't allowing changes.

Download junction.zip from this link, copy it to the non-working pc and extract junction.exe to the non-working pc desktop.

•Right click Junction.zip and choose extract all...

•When the Compressed Folders Extraction wizard opens, click Next

•Click Browse

•When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK

•Back at the Extraction Wizard, click Next.

•Untick "Show Extracted Files" and click Finish

Open notepad and copy/paste the text in the quotebox below into it:

junction -s c:\ >log.txt

notepad log.txt

Save this as peek.bat Choose to "Save type as - All Files" save it next to junction.exe

It should look like this: bat_icon.gif

Double click the peek.bat and allow it to run. It will take some time to complete, so please be patient and wait until it finishes. A log should open, log.txt will be created on your desktop. Please attach that log in your next reply.

Link to post
Share on other sites

Ok, the log is attached.

I noticed there is mention of Spybot's Teatimer in the log. Spybot was uninstalled back in post #80.

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.

Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe: Access is denied.

..

..

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

.

...

...

...

...

...

...

...

...

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

..

...

...

...

.

Failed to open \\?\c:\\WINDOWS\Prefetch\1650915143: Access is denied.

..

...

...

...

...

...

log.txt

Link to post
Share on other sites

Please download GrantPerms.zip by Farbar and save it to your desktop.

http://download.bleepingcomputer.com/farbar/GrantPerms.zip

•Right click GrantPerms.zip and choose extract all...

•When the Compressed Folders Extraction wizard opens, click Next > Next > Finish.

•Enter the GrantPerms folder & double click GrantPerms.exe to run it.

•Copy and paste the contents of the codebox below into the whitebox (Do Not include Code:)

c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\WINDOWS\Prefetch\1650915143

•Now Click Unlock

•When it's done, click "OK".

•Now click List Permissions and post contents of the log file that opens (Perms.txt)

•A copy of Perms.txt will be saved in the same directory the tool is run.

Link to post
Share on other sites

OK, here is the log:

GrantPerms by Farbar

Ran by User at 2011-10-26 18:39:04

===============================================

\\?\c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\WINDOWS\Prefetch\1650915143

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

Link to post
Share on other sites

I would delete the folder: c:\WINDOWS\Prefetch\1650915143

If SpyBot and/or Teatimer is listed in Add/Remove programs, uninstall it.

If not listed just delete TeaTimer c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Reboot and see if it made any difference

Link to post
Share on other sites

Deleted "c:\WINDOWS\Prefetch\1650915143" (It was a file with 0 bytes.)

There was nothing for Spybot or Teatimer listed in Add/Remove Programs.

There were no files in the folder "c:\Program Files\Spybot - Search & Destroy" so I deleted the whole folder.

Rebooted.

Still cannot connect.

Link to post
Share on other sites

We have to be dealing with a registry issue or a service not running.

Please follow these steps:

1. Quit all programs that are running.

2. Click Start, and then click Run.

3. Type regsvr32 urlmon.dll, and then click OK.

4. When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.

Please try opening the internet

If that didn't not resolve the problem, repeat steps 1 through 4 for each of the following files (in step 3, replace Urlmon.dll with each of the file names below):

regsvr32 Shdocvw.dll

regsvr32 Msjava.dll

regsvr32 Actxprxy.dll

regsvr32 Oleaut32.dll

regsvr32 Mshtml.dll

regsvr32 Browseui.dll

regsvr32 Shell32.dll

Did it help you?

Link to post
Share on other sites

Still cannot connect but I got a couple of errors that may be relevant:

1. "LoadLibrary ("Msjava.dll") failed - The specified module could not be found."

2. "Mshtml.dll was loaded, but the DllRegisterServer entry point was not found. This file cannot be registered."

Link to post
Share on other sites

Let's see if OTL will sheed any light

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

Link to post
Share on other sites

Checked out the Microsoft link and went through the steps there.

I uninstalled IE8 (the last resort on the Microsoft page), and still could not connect with IE6.

I went ahead and reinstalled IE8 but of course I still cannot connect.

I'll run OTL and post back...

Link to post
Share on other sites

Here is the OTL.txt file:

OTL logfile created on: 10/26/2011 10:07:18 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.D6WZS771\Desktop\OTL

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 725.09 Mb Available Physical Memory | 70.95% Memory free

1.66 Gb Paging File | 1.49 Gb Available in Paging File | 90.21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.20 Gb Total Space | 15.58 Gb Free Space | 21.89% Space Free | Partition Type: NTFS

Drive F: | 1.86 Gb Total Space | 1.46 Gb Free Space | 78.51% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User.D6WZS771\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/05 18:58:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 18:58:49 | 000,000,000 | ---D | M]

[2008/12/31 20:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.D6WZS771\Application Data\Mozilla\Extensions

[2011/09/09 06:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\extensions

[2010/07/27 07:35:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/31 18:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.D6WZS771\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PD9D5DOL.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2010/01/11 19:15:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/05 18:45:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/10/25 19:06:43 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.

O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB (IOBIVMUtil.VMDecoder)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51612723-576C-40F6-98DC-BBA9D038F789}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User.D6WZS771\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.D6WZS771\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 22:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\OTL

[2011/10/26 21:33:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/10/26 18:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\GrantPerms

[2011/10/25 19:03:21 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\User.D6WZS771\Desktop\WinsockxpFix.exe

[2011/10/24 11:26:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/10/22 13:49:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/10/22 13:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Combofix 4

[2011/10/21 00:01:29 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/10/20 21:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Dell Downloads

[2011/10/20 20:32:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\User.D6WZS771\Desktop\dds.scr

[2011/10/20 14:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/10/20 14:23:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/10/20 14:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/10/20 13:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\From my system

[2011/10/20 12:02:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.D6WZS771\Recent

[2011/10/19 19:18:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/10/19 19:18:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/10/19 19:18:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/10/19 19:18:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/10/19 19:17:42 | 004,266,378 | R--- | C] (Swearware) -- C:\Documents and Settings\User.D6WZS771\Desktop\ComboFix.exe

[2011/10/19 19:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Combofix 3

[2011/10/19 19:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Combofix 2

[2011/10/19 19:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Combofix3

[2011/10/19 18:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\New Folder (2)

[2011/10/18 21:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Systemlook 4

[2011/10/18 18:42:44 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2011/10/18 18:42:40 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2011/10/18 18:42:21 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2011/10/18 18:42:16 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2011/10/18 18:41:15 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2011/10/18 18:41:10 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2011/10/18 18:40:59 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2011/10/18 18:40:38 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2011/10/18 18:40:24 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2011/10/18 18:40:21 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2011/10/18 18:40:17 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2011/10/18 18:40:12 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2011/10/18 18:40:08 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2011/10/18 18:40:03 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2011/10/18 18:39:59 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2011/10/18 18:39:43 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2011/10/18 18:39:27 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2011/10/18 18:39:23 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2011/10/18 18:39:19 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2011/10/18 18:39:11 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2011/10/18 18:38:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2011/10/18 18:38:36 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2011/10/18 18:38:32 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2011/10/18 18:38:22 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2011/10/18 18:38:18 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2011/10/18 18:38:15 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2011/10/18 18:38:11 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2011/10/18 18:38:07 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2011/10/18 18:38:04 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2011/10/18 18:37:34 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2011/10/18 18:37:28 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2011/10/18 18:37:23 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2011/10/18 18:37:22 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2011/10/18 18:37:18 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2011/10/18 18:37:14 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2011/10/18 18:37:00 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2011/10/18 18:36:56 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2011/10/18 18:36:24 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2011/10/18 18:36:21 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2011/10/18 18:36:17 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2011/10/18 18:36:13 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2011/10/18 18:36:07 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2011/10/18 18:35:18 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2011/10/18 18:35:14 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2011/10/18 18:35:11 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2011/10/18 18:35:07 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys

[2011/10/18 18:35:04 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2011/10/18 18:34:39 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

[2011/10/18 18:34:36 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

[2011/10/18 18:34:33 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

[2011/10/18 18:34:25 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

[2011/10/18 18:33:42 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

[2011/10/18 18:33:39 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

[2011/10/18 18:33:35 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

[2011/10/18 18:33:32 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

[2011/10/18 18:33:07 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

[2011/10/18 18:33:00 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

[2011/10/18 18:32:57 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

[2011/10/18 18:32:39 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

[2011/10/18 18:32:36 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

[2011/10/18 18:32:33 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

[2011/10/18 18:32:30 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

[2011/10/18 18:32:27 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

[2011/10/18 18:32:24 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

[2011/10/18 18:32:20 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

[2011/10/18 18:32:17 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2011/10/18 18:32:14 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2011/10/18 18:32:07 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2011/10/18 18:32:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2011/10/18 18:32:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2011/10/18 18:32:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2011/10/18 18:32:02 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2011/10/18 18:32:01 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2011/10/18 18:31:48 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2011/10/18 18:31:41 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2011/10/18 18:31:37 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2011/10/18 18:31:33 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2011/10/18 18:31:19 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2011/10/18 18:31:16 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2011/10/18 18:30:56 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2011/10/18 18:30:53 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2011/10/18 18:30:50 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2011/10/18 18:30:37 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2011/10/18 18:29:49 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2011/10/18 18:29:37 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2011/10/18 18:29:35 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2011/10/18 18:29:31 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2011/10/18 18:28:48 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2011/10/18 18:28:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2011/10/18 18:28:41 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2011/10/18 18:28:37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2011/10/18 18:28:04 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2011/10/18 18:27:51 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2011/10/18 18:27:47 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2011/10/18 18:27:41 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2011/10/18 18:27:31 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2011/10/18 18:27:28 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2011/10/18 18:27:19 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll

[2011/10/18 18:27:16 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys

[2011/10/18 18:27:13 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys

[2011/10/18 18:27:10 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll

[2011/10/18 18:27:07 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys

[2011/10/18 18:27:04 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll

[2011/10/18 18:26:55 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys

[2011/10/18 18:26:52 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll

[2011/10/18 18:26:49 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys

[2011/10/18 18:26:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll

[2011/10/18 18:26:43 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys

[2011/10/18 18:24:42 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys

[2011/10/18 18:24:21 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys

[2011/10/18 18:24:18 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys

[2011/10/18 18:24:17 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys

[2011/10/18 18:24:14 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys

[2011/10/18 18:24:13 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys

[2011/10/18 18:24:11 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys

[2011/10/18 18:24:02 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys

[2011/10/18 18:24:00 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys

[2011/10/18 18:23:57 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys

[2011/10/18 18:23:54 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys

[2011/10/18 18:23:50 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys

[2011/10/18 18:23:47 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys

[2011/10/18 18:23:14 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys

[2011/10/18 18:22:31 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll

[2011/10/18 18:20:16 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll

[2011/10/18 18:20:06 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll

[2011/10/18 18:19:37 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys

[2011/10/18 18:19:34 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys

[2011/10/18 18:19:32 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys

[2011/10/18 18:19:16 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys

[2011/10/18 18:19:07 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys

[2011/10/18 18:19:05 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys

[2011/10/18 18:19:02 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys

[2011/10/18 18:18:59 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys

[2011/10/18 18:18:57 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys

[2011/10/18 18:18:55 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys

[2011/10/18 18:18:40 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys

[2011/10/18 18:18:36 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys

[2011/10/18 18:18:34 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys

[2011/10/18 18:17:02 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys

[2011/10/18 18:16:57 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys

[2011/10/18 18:16:47 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys

[2011/10/18 18:16:45 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys

[2011/10/18 18:16:44 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys

[2011/10/18 18:16:39 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe

[2011/10/18 18:16:38 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll

[2011/10/18 18:16:37 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll

[2011/10/18 18:16:35 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll

[2011/10/18 18:16:33 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys

[2011/10/18 18:16:11 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys

[2011/10/18 18:16:10 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys

[2011/10/18 18:16:06 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys

[2011/10/18 18:15:41 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys

[2011/10/18 18:15:40 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys

[2011/10/18 18:15:39 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys

[2011/10/18 18:15:38 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys

[2011/10/18 18:15:37 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys

[2011/10/18 18:15:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys

[2011/10/18 18:15:34 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys

[2011/10/18 18:15:33 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll

[2011/10/18 18:15:24 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll

[2011/10/18 18:15:10 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys

[2011/10/18 18:15:01 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys

[2011/10/18 18:14:51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys

[2011/10/18 18:14:50 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys

[2011/10/18 18:14:50 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys

[2011/10/18 18:14:49 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys

[2011/10/18 18:14:48 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys

[2011/10/18 18:14:45 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys

[2011/10/18 18:14:44 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys

[2011/10/18 18:14:44 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys

[2011/10/18 18:14:43 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys

[2011/10/18 18:14:41 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll

[2011/10/18 18:14:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys

[2011/10/18 18:14:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2011/10/18 18:14:10 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys

[2011/10/18 18:14:09 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys

[2011/10/18 18:14:09 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys

[2011/10/18 18:14:08 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys

[2011/10/18 18:14:08 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll

[2011/10/18 18:14:07 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll

[2011/10/18 18:14:06 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys

[2011/10/18 18:14:06 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys

[2011/10/18 18:14:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll

[2011/10/18 18:14:02 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe

[2011/10/18 18:14:02 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll

[2011/10/18 18:14:01 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll

[2011/10/18 18:14:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys

[2011/10/18 18:13:59 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys

[2011/10/18 18:13:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys

[2011/10/18 18:13:58 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll

[2011/10/18 18:13:57 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll

[2011/10/18 18:13:57 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll

[2011/10/18 18:13:53 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys

[2011/10/18 18:13:50 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys

[2011/10/18 18:13:49 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll

[2011/10/18 18:13:48 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys

[2011/10/18 18:13:48 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys

[2011/10/18 18:13:47 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll

[2011/10/18 18:13:47 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys

[2011/10/18 18:13:46 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll

[2011/10/18 18:13:23 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys

[2011/10/18 18:13:19 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys

[2011/10/18 18:13:10 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys

[2011/10/18 18:13:09 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys

[2011/10/18 18:13:08 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys

[2011/10/18 18:13:08 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys

[2011/10/18 18:13:08 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys

[2011/10/18 18:13:05 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll

[2011/10/18 18:13:03 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll

[2011/10/18 18:13:02 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll

[2011/10/18 18:13:01 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys

[2011/10/18 18:13:00 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys

[2011/10/18 18:13:00 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll

[2011/10/13 19:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Combofix1

[2011/10/12 18:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Systemlook2

[2011/10/11 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\Systemlook1

[2011/10/11 19:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\GetNetworkInfo2

[2011/10/11 18:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\tdsskiller

[2011/10/10 21:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\New Folder

[2011/10/10 20:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2011/10/04 22:00:30 | 000,000,000 | ---D | C] -- C:\ec6d5436e57c123f0a81322d9f

[2011/10/04 01:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\New

[2011/10/04 01:23:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2011/10/04 00:13:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss

[2011/10/03 23:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/10/03 23:56:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/29 19:36:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.D6WZS771\My Documents\My Videos

[2011/09/29 19:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.D6WZS771\Desktop\M

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/26 22:02:44 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/26 21:59:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/10/26 21:59:40 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/26 21:38:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/10/26 21:36:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/10/26 21:17:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/25 19:46:24 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\peek.bat

[2011/10/25 19:45:02 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\Junction.zip

[2011/10/25 19:06:43 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/10/25 18:59:02 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\User.D6WZS771\Desktop\WinsockxpFix.exe

[2011/10/25 18:50:40 | 000,000,141 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\fixme.reg

[2011/10/24 23:29:15 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak

[2011/10/24 23:28:55 | 000,448,188 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/10/24 23:28:55 | 000,073,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/10/24 23:28:51 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\Shortcut to drivers.lnk

[2011/10/24 23:24:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/10/21 00:09:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2011/10/20 14:23:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/19 19:15:30 | 004,266,378 | R--- | M] (Swearware) -- C:\Documents and Settings\User.D6WZS771\Desktop\ComboFix.exe

[2011/10/15 00:19:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\ping

[2011/10/11 19:31:06 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\GetNetworkInfo2.zip

[2011/10/11 18:39:14 | 001,540,270 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Desktop\tdsskiller.zip

[2011/09/29 19:35:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\defogger_reenable

[2011/09/29 19:31:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\User.D6WZS771\Desktop\dds.scr

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/25 19:49:35 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\peek.bat

[2011/10/25 19:47:11 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\Junction.zip

[2011/10/25 18:51:20 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\fixme.reg

[2011/10/24 23:28:51 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\Shortcut to drivers.lnk

[2011/10/24 11:35:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2011/10/21 00:01:44 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK

[2011/10/21 00:01:40 | 000,260,288 | RHS- | C] () -- C:\cmldr

[2011/10/20 22:37:45 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/10/20 21:39:21 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din

[2011/10/20 14:23:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/19 19:18:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/10/19 19:18:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/10/19 19:18:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/10/19 19:18:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/10/19 19:18:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/10/18 18:42:39 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll

[2011/10/18 18:42:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe

[2011/10/18 18:30:45 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

[2011/10/18 18:30:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

[2011/10/18 18:25:29 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2011/10/18 18:20:13 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll

[2011/10/18 18:20:09 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll

[2011/10/18 18:20:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll

[2011/10/18 18:19:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll

[2011/10/18 18:19:55 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll

[2011/10/18 18:16:43 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll

[2011/10/18 18:16:41 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll

[2011/10/18 18:16:40 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll

[2011/10/18 18:13:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys

[2011/10/18 18:13:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys

[2011/10/18 18:13:37 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys

[2011/10/18 18:13:37 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys

[2011/10/18 18:13:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys

[2011/10/18 18:13:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys

[2011/10/18 18:13:35 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys

[2011/10/18 18:13:35 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys

[2011/10/18 18:13:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys

[2011/10/18 18:13:28 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys

[2011/10/17 22:21:32 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/15 00:19:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\ping

[2011/10/11 19:31:35 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\GetNetworkInfo2.zip

[2011/10/11 18:46:54 | 001,540,270 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Desktop\tdsskiller.zip

[2011/09/29 19:35:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\defogger_reenable

[2011/05/08 20:30:24 | 000,004,498 | -HS- | C] () -- C:\Documents and Settings\User.D6WZS771\Local Settings\Application Data\ubu1g06qna22xo0d6g4fsrfg2do

[2011/05/08 20:30:24 | 000,004,498 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ubu1g06qna22xo0d6g4fsrfg2do

[2010/03/17 20:25:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2009/11/22 19:00:25 | 000,067,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/05/16 21:36:59 | 000,121,308 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe

[2008/09/20 19:59:00 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini

[2008/09/20 19:59:00 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini

[2007/11/30 18:31:36 | 000,270,848 | ---- | C] () -- C:\WINDOWS\unwise.exe

[2007/11/30 17:48:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\STORYMKR.INI

[2007/04/15 19:48:07 | 000,000,579 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2006/12/30 23:06:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.User.ini

[2006/12/11 14:04:20 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI

[2006/08/28 17:56:21 | 000,000,737 | ---- | C] () -- C:\WINDOWS\EReg077.dat

[2006/06/29 19:25:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2006/06/29 19:18:33 | 000,047,763 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2006/06/29 19:18:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2006/06/29 19:18:33 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2006/06/29 19:18:33 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2006/06/29 19:18:33 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2006/06/29 19:18:33 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2006/06/29 19:18:33 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2006/06/29 19:18:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2006/06/29 19:18:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2006/06/29 19:18:32 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2006/06/29 19:18:32 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2006/06/29 19:18:32 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2006/06/29 19:18:32 | 000,011,413 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2006/06/29 19:13:42 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSPictureMate.ini

[2006/05/14 17:01:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2005/09/16 22:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2005/08/06 22:35:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BARBIE.INI

[2005/04/28 20:50:43 | 000,000,159 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI

[2005/04/26 21:51:23 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/04/18 21:54:35 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe

[2005/04/16 22:45:35 | 000,000,489 | ---- | C] () -- C:\WINDOWS\ka.ini

[2005/04/16 21:43:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/04/16 21:15:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\User.D6WZS771\Local Settings\Application Data\fusioncache.dat

[2005/04/16 20:56:21 | 000,000,803 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2005/04/16 20:55:20 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll

[2005/04/16 20:55:20 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll

[2005/04/09 00:34:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/04/09 00:31:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/04/09 00:27:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/04/09 00:02:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/04/09 00:02:38 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/11/09 14:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll

[2004/11/09 14:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll

[2004/11/09 14:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll

[2004/11/09 13:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll

[2004/10/25 16:58:18 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe

[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 13:57:15 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 13:51:20 | 000,448,188 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 13:51:20 | 000,073,962 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/10/08 10:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/02/03 16:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2006/04/23 12:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show

[2010/12/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/05/22 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2008/12/14 18:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2011/08/28 10:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2011/10/14 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/03/22 03:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/04/02 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/14 15:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/01/02 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\aicon

[2008/12/14 18:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\Eyeblaster

[2005/04/26 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\FUJIFILM

[2011/01/12 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\IsolatedStorage

[2005/04/30 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\Leadertech

[2011/06/13 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\Pershing

[2010/01/11 19:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\SystemRequirementsLab

[2010/09/20 13:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\TechWizard

[2008/07/08 18:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.D6WZS771\Application Data\Viewpoint

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/12/30 22:10:29 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK

[2011/10/21 00:09:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2008/04/14 01:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr

[2011/10/22 14:45:30 | 000,011,835 | ---- | M] () -- C:\ComboFix.txt

[2005/04/09 00:06:34 | 000,004,777 | RH-- | M] () -- C:\dell.sdr

[2011/10/26 21:59:40 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys

[2008/04/19 23:05:55 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2008/08/04 10:37:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/08/04 10:37:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/10/18 20:22:24 | 000,010,679 | ---- | M] () -- C:\NetworkDetails2.txt

[2009/10/24 08:29:51 | 000,001,051 | ---- | M] () -- C:\net_save.dna

[2008/04/13 23:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 01:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/10/26 21:59:29 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\tcpip.sys

[2011/10/11 19:31:10 | 000,059,438 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_18.47.30_log.txt

< %systemroot%\Fonts\*.com >

[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2004/10/08 14:49:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2001/05/07 18:14:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Film Factory.scr

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2009/11/15 19:36:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2005/04/16 16:04:00 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\User.D6WZS771\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User.D6WZS771\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2011/10/19 19:15:30 | 004,266,378 | R--- | M] (Swearware) -- C:\Documents and Settings\User.D6WZS771\Desktop\ComboFix.exe

[1999/10/15 09:32:32 | 000,240,160 | ---- | M] (SMI Corporation) -- C:\Documents and Settings\User.D6WZS771\Desktop\Convert Pro.exe

[2011/10/25 18:59:02 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\User.D6WZS771\Desktop\WinsockxpFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

[2010/09/20 12:58:51 | 016,239,360 | ---- | M] (Verizon ) -- C:\Documents and Settings\User.D6WZS771\My Documents\VZ.FIOSREG_2010_2010_20_11_57_29_2201edp.00000.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2005/04/16 16:03:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\User.D6WZS771\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

File Renamer - Basic Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

[2011/10/26 22:13:04 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\User.D6WZS771\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========

[2010/02/17 19:44:25 | 000,000,000 | ---D | M](C:\Documents and Settings\User.D6WZS771\Favorites\?£sorted Bookmarks) -- C:\Documents and Settings\User.D6WZS771\Favorites\饈£sorted Bookmarks

< End of report >

Link to post
Share on other sites

And the Extras.txt file:

OTL Extras logfile created on: 10/26/2011 10:07:18 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.D6WZS771\Desktop\OTL

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 725.09 Mb Available Physical Memory | 70.95% Memory free

1.66 Gb Paging File | 1.49 Gb Available in Paging File | 90.21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.20 Gb Total Space | 15.58 Gb Free Space | 21.89% Space Free | Partition Type: NTFS

Drive F: | 1.86 Gb Total Space | 1.46 Gb Free Space | 78.51% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11

"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image

"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix

"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AT&T WorldNet Software" = AT&T WorldNet Setup

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"Cub Rummy_is1" = Cub Rummy 1.1

"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922

"DX-Ball II" = DX-Ball II

"EPSON Printer and Utilities" = EPSON Printer Software

"File Renamer - Basic" = File Renamer - Basic

"ie8" = Windows Internet Explorer 8

"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11

"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)

"Musicnotes Player_is1" = Musicnotes Player V1.23.2

"Pinball Arcade 1.0" = Microsoft Pinball Arcade

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealPlayer 6.0" = RealPlayer Basic

"RSX2DeinstKey" = Intel RSX 3D

"Silent Package Run-Time Sample" = EPSON PictureMate Deluxe User's Guide

"StreetPlugin" = Learn2 Player (Uninstall Only)

"Super Collapse! II" = Super Collapse! II

"VLC media player" = VLC media player 0.9.9

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Cognitive Tutor" = Cognitive Tutor

"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/14/2011 10:02:47 AM | Computer Name = DELL | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 10/14/2011 10:02:47 AM | Computer Name = DELL | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 10/14/2011 10:02:48 AM | Computer Name = DELL | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 10/14/2011 10:02:48 AM | Computer Name = DELL | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 10/19/2011 7:13:13 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100

Description =

Error - 10/19/2011 7:13:13 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100

Description =

Error - 10/19/2011 7:13:15 PM | Computer Name = DELL | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module

iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

Error - 10/19/2011 7:29:24 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100

Description =

Error - 10/19/2011 7:29:24 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100

Description =

Error - 10/25/2011 6:54:56 PM | Computer Name = DELL | Source = JavaQuickStarterService | ID = 1

Description =

[ System Events ]

Error - 10/26/2011 9:38:33 PM | Computer Name = DELL | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 10/26/2011 9:38:33 PM | Computer Name = DELL | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 10/26/2011 9:38:33 PM | Computer Name = DELL | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 10/26/2011 9:39:11 PM | Computer Name = DELL | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

Error - 10/26/2011 9:59:58 PM | Computer Name = DELL | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 10/26/2011 9:59:58 PM | Computer Name = DELL | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 10/26/2011 9:59:59 PM | Computer Name = DELL | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 10/26/2011 9:59:59 PM | Computer Name = DELL | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 10/26/2011 10:14:59 PM | Computer Name = DELL | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 30 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 10/26/2011 10:14:59 PM | Computer Name = DELL | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 30 minutes. NtpClient has no source of accurate

time.

< End of report >

Link to post
Share on other sites

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Link to post
Share on other sites

Here is the log:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 56504 bytes

User: Granny

->Flash cache emptied: 13683 bytes

User: LocalService

->Flash cache emptied: 427 bytes

User: NetworkService

User: Rachel

->Flash cache emptied: 245722 bytes

User: User

User: User.D6WZS771

->Flash cache emptied: 2208 bytes

User: USER~1~D6W

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67723 bytes

->Flash cache emptied: 0 bytes

User: Granny

->Temp folder emptied: 920051 bytes

->Temporary Internet Files folder emptied: 189227743 bytes

->Java cache emptied: 21098 bytes

->FireFox cache emptied: 25561127 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Rachel

->Temp folder emptied: 289082833 bytes

->Temporary Internet Files folder emptied: 106034117 bytes

->Java cache emptied: 28251743 bytes

->FireFox cache emptied: 608060011 bytes

->Flash cache emptied: 0 bytes

User: User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: User.D6WZS771

->Temp folder emptied: 6996489 bytes

->Temporary Internet Files folder emptied: 160926 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 51740461 bytes

->Google Chrome cache emptied: 557424 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: USER~1~D6W

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 32768 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 3679872 bytes

Total Files Cleaned = 1,250.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10272011_185459

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

The host should be OK.

The main thing I was looking at were the restrictions

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset

netsh int ip reset

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Exit

Reboot

Link to post
Share on other sites

Hi again.

Did some searching on the web and came across a topic on another forum where someone seems to have had the same problem as me, (zeroaccess rootkit and then no internet connection). Looks like they had an issue with ipsec.sys being patched by malware. The size of the file was consistent with a good copy of the file, (the file on my system is the same size too) but apparently it was corrupted somehow. Looks like they fixed the issue using a ComboFix script to replace the file.

I tried replacing the file on my system by simply dragging another copy into the drivers folder and rebooting but it had no effect. (I have since put the original file back.) Not sure if using ComboFix to do it would make a difference.

If you are interested check out post #23 here: http://www.bleepingcomputer.com/forums/topic411986.html/page__st__15

The OTL log with the file size listed is in post #18

Not sure if any of this helps, just throwing it out there.

Thanks.

Link to post
Share on other sites

I thought we already did that or something like that with a different file.....

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\drivers\ipsec.sys

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Ran ComboFix. Still cannont connect.

Here is the log:

ComboFix 11-10-28.04 - User 10/28/2011 16:00:45.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.711 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User.D6WZS771\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\help\tours\htmltour\unlock_playing.htm

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys

.

((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))

.

.

2011-10-27 22:54 . 2011-10-27 22:54 -------- d-----w- C:\_OTL

2011-10-27 01:33 . 2011-10-27 01:34 -------- dc-h--w- c:\windows\ie8

2011-10-24 15:35 . 2004-02-19 00:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll

2011-10-24 15:35 . 2003-07-28 13:55 24064 ----a-w- c:\windows\system32\IntelNic.dll

2011-10-24 15:26 . 2008-06-20 11:51 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-10-20 18:23 . 2011-10-20 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 18:23 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- C:\tcpip.sys

2011-10-18 22:17 . 2001-08-17 16:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys

2011-10-18 22:17 . 2001-08-17 16:10 44103 ----a-w- c:\windows\system32\dllcache\el515.sys

2011-10-18 22:17 . 2004-08-04 10:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll

2011-10-18 22:17 . 2001-08-17 16:12 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys

2011-10-18 22:17 . 2001-08-17 16:12 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys

2011-10-18 22:17 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2011-10-18 22:15 . 2001-08-17 16:12 63208 ----a-w- c:\windows\system32\dllcache\dc21x4.sys

2011-10-18 22:14 . 2004-08-04 10:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll

2011-10-18 22:13 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys

2011-10-18 22:12 . 2008-04-13 17:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\dllcache\afd.sys

2011-10-12 00:44 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers.afd.sys

2011-10-11 00:47 . 2011-10-28 19:59 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-05 02:00 . 2011-10-05 02:02 -------- d-----w- C:\ec6d5436e57c123f0a81322d9f

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-22_17.02.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-28 20:15 . 2011-10-28 20:15 16384 c:\windows\temp\Perflib_Perfdata_71c.dat

+ 2004-08-10 17:51 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll

- 2004-08-10 17:51 . 2011-10-21 01:39 73962 c:\windows\system32\perfc009.dat

+ 2004-08-10 17:51 . 2011-10-25 03:28 73962 c:\windows\system32\perfc009.dat

- 2004-08-10 17:51 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll

+ 2004-08-10 17:51 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll

+ 2004-08-10 17:51 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe

+ 2004-08-10 17:51 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe

+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe

- 2009-03-08 09:31 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe

- 2009-03-08 09:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll

+ 2004-08-10 17:51 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll

+ 2004-08-10 17:51 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll

- 2009-03-08 09:31 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe

+ 2009-03-08 08:34 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll

+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll

- 2004-08-10 18:02 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll

+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll

- 2004-08-10 17:50 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll

- 2004-08-10 17:50 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll

- 2004-08-10 17:50 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll

+ 2004-08-10 17:50 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll

- 2004-08-10 17:50 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll

+ 2004-08-10 17:50 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 37888 c:\windows\ie8\url.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 37888 c:\windows\ie8\url.dll

- 2009-11-14 21:48 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll

+ 2011-10-27 01:34 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 39424 c:\windows\ie8\pngfilt.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 39424 c:\windows\ie8\pngfilt.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 96256 c:\windows\ie8\occache.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 96256 c:\windows\ie8\occache.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 56832 c:\windows\ie8\mshtmler.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 56832 c:\windows\ie8\mshtmler.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 29184 c:\windows\ie8\mshta.exe

+ 2011-10-27 01:33 . 2004-08-04 10:00 29184 c:\windows\ie8\mshta.exe

+ 2011-10-27 01:33 . 2004-08-04 10:00 22016 c:\windows\ie8\licmgr10.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 22016 c:\windows\ie8\licmgr10.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 15872 c:\windows\ie8\jsproxy.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 15872 c:\windows\ie8\jsproxy.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 96256 c:\windows\ie8\inseng.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 96256 c:\windows\ie8\inseng.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 35840 c:\windows\ie8\imgutil.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 35840 c:\windows\ie8\imgutil.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 93184 c:\windows\ie8\iexplore.exe

+ 2011-10-27 01:33 . 2004-08-04 10:00 93184 c:\windows\ie8\iexplore.exe

- 2009-11-14 21:47 . 2004-08-04 10:00 62976 c:\windows\ie8\iesetup.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 62976 c:\windows\ie8\iesetup.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 48640 c:\windows\ie8\iernonce.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 48640 c:\windows\ie8\iernonce.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 81920 c:\windows\ie8\ieencode.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 81920 c:\windows\ie8\ieencode.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 34304 c:\windows\ie8\ie4uinit.exe

+ 2011-10-27 01:33 . 2004-08-04 10:00 34304 c:\windows\ie8\ie4uinit.exe

- 2009-11-14 21:47 . 2004-08-04 10:00 38912 c:\windows\ie8\hmmapi.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 38912 c:\windows\ie8\hmmapi.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 35328 c:\windows\ie8\corpol.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 35328 c:\windows\ie8\corpol.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 99840 c:\windows\ie8\advpack.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 99840 c:\windows\ie8\advpack.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 61440 c:\windows\ie8\admparse.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 61440 c:\windows\ie8\admparse.dll

+ 2004-08-10 17:51 . 2009-03-08 08:34 914944 c:\windows\system32\wininet.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe

- 2009-03-08 09:34 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe

+ 2004-08-10 17:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll

+ 2004-08-10 17:51 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll

+ 2004-08-10 17:51 . 2009-01-07 22:20 474112 c:\windows\system32\shlwapi.dll

- 2004-08-10 17:51 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll

- 2005-04-09 04:02 . 2003-11-21 19:26 118784 c:\windows\system32\Prounstl.exe

+ 2005-04-09 04:02 . 2003-11-21 22:26 118784 c:\windows\system32\Prounstl.exe

+ 2004-08-10 17:51 . 2011-10-25 03:28 448188 c:\windows\system32\perfh009.dat

- 2004-08-10 17:51 . 2011-10-21 01:39 448188 c:\windows\system32\perfh009.dat

+ 2004-08-10 17:51 . 2009-03-08 08:34 109568 c:\windows\system32\occache.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll

+ 2004-08-10 17:51 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll

- 2004-08-10 17:51 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll

+ 2004-08-10 17:51 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll

- 2004-08-10 17:51 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll

+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll

- 2009-03-08 09:22 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll

+ 2004-08-10 17:51 . 2009-03-08 08:31 183808 c:\windows\system32\iepeers.dll

+ 2004-08-10 17:51 . 2009-03-08 18:09 391536 c:\windows\system32\iedkcs32.dll

+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll

- 2009-03-08 09:11 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll

- 2004-08-10 17:51 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll

- 2004-08-10 17:51 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll

+ 2004-08-10 17:51 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe

+ 2004-08-10 17:51 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll

+ 2004-08-10 17:51 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll

+ 2004-08-10 17:59 . 2004-02-10 22:49 154112 c:\windows\system32\drivers\e100b325.sys

- 2004-08-10 17:59 . 2004-02-10 19:49 154112 c:\windows\system32\drivers\e100b325.sys

+ 2009-03-08 08:34 . 2009-03-08 08:34 914944 c:\windows\system32\dllcache\wininet.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-10 18:02 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll

- 2004-08-10 18:02 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\vgx.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll

- 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll

+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll

- 2004-08-10 17:51 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 109568 c:\windows\system32\dllcache\occache.dll

- 2004-08-10 17:51 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll

- 2004-08-10 17:51 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll

+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll

- 2004-08-10 17:51 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll

+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll

- 2004-08-10 17:51 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll

+ 2004-08-10 17:51 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll

- 2004-08-10 18:02 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe

+ 2009-03-08 08:31 . 2009-03-08 08:31 183808 c:\windows\system32\dllcache\iepeers.dll

+ 2009-03-08 18:09 . 2009-03-08 18:09 391536 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll

- 2004-08-10 17:51 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll

+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-10 17:51 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll

+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll

- 2004-08-10 17:51 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-10 17:51 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll

- 2004-08-10 17:51 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll

- 2004-08-10 17:50 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-10 17:50 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll

- 2004-08-10 17:50 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll

+ 2010-09-07 19:39 . 2010-09-07 19:39 150392 c:\windows\junction.exe

+ 2011-10-27 01:33 . 2005-07-03 02:11 658432 c:\windows\ie8\wininet.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 658432 c:\windows\ie8\wininet.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 276480 c:\windows\ie8\webcheck.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 276480 c:\windows\ie8\webcheck.dll

+ 2011-10-27 01:33 . 2007-06-26 15:13 851968 c:\windows\ie8\vgx.dll

- 2009-11-14 21:47 . 2007-06-26 15:13 851968 c:\windows\ie8\vgx.dll

- 2009-11-14 21:47 . 2007-12-18 14:40 417792 c:\windows\ie8\vbscript.dll

+ 2011-10-27 01:33 . 2007-12-18 14:40 417792 c:\windows\ie8\vbscript.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 607744 c:\windows\ie8\urlmon.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 607744 c:\windows\ie8\urlmon.dll

- 2009-11-14 21:48 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll

+ 2011-10-27 01:34 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll

+ 2011-10-27 01:34 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe

- 2009-11-14 21:48 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe

- 2009-11-14 21:47 . 2005-09-02 23:52 473600 c:\windows\ie8\shlwapi.dll

+ 2011-10-27 01:33 . 2005-09-02 23:52 473600 c:\windows\ie8\shlwapi.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 530432 c:\windows\ie8\mstime.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 530432 c:\windows\ie8\mstime.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 146432 c:\windows\ie8\msrating.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 146432 c:\windows\ie8\msrating.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 448512 c:\windows\ie8\mshtmled.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 448512 c:\windows\ie8\mshtmled.dll

- 2009-11-14 21:47 . 2007-12-18 14:40 450560 c:\windows\ie8\jscript.dll

+ 2011-10-27 01:33 . 2007-12-18 14:40 450560 c:\windows\ie8\jscript.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 251392 c:\windows\ie8\iepeers.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 251392 c:\windows\ie8\iepeers.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 323584 c:\windows\ie8\iedkcs32.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 323584 c:\windows\ie8\iedkcs32.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 216576 c:\windows\ie8\ieaksie.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 216576 c:\windows\ie8\ieaksie.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 139264 c:\windows\ie8\ieakeng.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 139264 c:\windows\ie8\ieakeng.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 201728 c:\windows\ie8\dxtrans.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 201728 c:\windows\ie8\dxtrans.dll

+ 2011-10-27 01:33 . 2004-08-04 10:00 357888 c:\windows\ie8\dxtmsft.dll

- 2009-11-14 21:47 . 2004-08-04 10:00 357888 c:\windows\ie8\dxtmsft.dll

+ 2004-08-10 17:51 . 2009-03-08 08:34 1206784 c:\windows\system32\urlmon.dll

+ 2004-08-10 17:51 . 2009-01-07 22:20 1497088 c:\windows\system32\shdocvw.dll

+ 2004-08-10 17:51 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll

+ 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll

+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat

- 2009-02-07 02:07 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat

+ 2009-03-08 08:34 . 2009-03-08 08:34 1206784 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-10 17:51 . 2009-01-07 22:20 1497088 c:\windows\system32\dllcache\shdocvw.dll

+ 2009-03-08 08:41 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll

+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll

+ 2004-08-10 17:50 . 2009-01-07 22:20 1022976 c:\windows\system32\browseui.dll

- 2009-11-14 21:47 . 2006-09-04 06:08 1494016 c:\windows\ie8\shdocvw.dll

+ 2011-10-27 01:33 . 2006-09-04 06:08 1494016 c:\windows\ie8\shdocvw.dll

- 2009-11-14 21:47 . 2005-07-20 02:00 3014144 c:\windows\ie8\mshtml.dll

+ 2011-10-27 01:33 . 2005-07-20 02:00 3014144 c:\windows\ie8\mshtml.dll

+ 2011-10-27 01:33 . 2005-07-03 02:11 1019904 c:\windows\ie8\browseui.dll

- 2009-11-14 21:47 . 2005-07-03 02:11 1019904 c:\windows\ie8\browseui.dll

+ 2009-03-08 08:39 . 2009-03-08 08:39 11063808 c:\windows\system32\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:23 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 2:23 PM 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

mWindow Title = Windows Internet Explorer provided by Comcast

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-28 16:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3672)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-28 16:30:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-28 20:29

ComboFix2.txt 2011-10-22 18:45

ComboFix3.txt 2011-10-22 17:07

ComboFix4.txt 2011-10-19 23:55

.

Pre-Run: 18,095,255,552 bytes free

Post-Run: 18,072,391,680 bytes free

.

- - End Of File - - E7F12343941F5EC292EEC6A7AEA5D0FC

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\drivers\ipsec.sys
C:\i386\tcpip.sys | C:\WINDOWS\system32\drivers\tcpip.sys
C:\WINDOWS\ServicePackFiles\i386\afd.sys | c:\windows\system32\drivers\afd.sys

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Still no luck.

Here is the ComboFix log:

ComboFix 11-10-28.04 - User 10/28/2011 19:22:49.7.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.715 [GMT -4:00]

Running from: c:\documents and settings\User.D6WZS771\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User.D6WZS771\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys

c:\i386\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

c:\windows\ServicePackFiles\i386\afd.sys --> c:\windows\system32\drivers\afd.sys

.

((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))

.

.

2011-10-27 22:54 . 2011-10-27 22:54 -------- d-----w- C:\_OTL

2011-10-27 01:33 . 2011-10-27 01:34 -------- dc-h--w- c:\windows\ie8

2011-10-24 15:35 . 2004-02-19 00:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll

2011-10-24 15:35 . 2003-07-28 13:55 24064 ----a-w- c:\windows\system32\IntelNic.dll

2011-10-24 15:26 . 2004-08-04 10:00 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-10-20 18:23 . 2011-10-20 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 18:23 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 22:33 . 2008-06-20 11:59 361600 ----a-w- C:\tcpip.sys

2011-10-18 22:17 . 2001-08-17 16:10 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys

2011-10-18 22:17 . 2001-08-17 16:10 44103 ----a-w- c:\windows\system32\dllcache\el515.sys

2011-10-18 22:17 . 2004-08-04 10:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll

2011-10-18 22:17 . 2001-08-17 16:12 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys

2011-10-18 22:17 . 2001-08-17 16:12 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys

2011-10-18 22:17 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2011-10-18 22:15 . 2001-08-17 16:12 63208 ----a-w- c:\windows\system32\dllcache\dc21x4.sys

2011-10-18 22:14 . 2004-08-04 10:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll

2011-10-18 22:13 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys

2011-10-18 22:12 . 2008-04-13 17:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-13 00:19 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\dllcache\afd.sys

2011-10-12 00:44 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers.afd.sys

2011-10-11 00:47 . 2011-10-28 23:21 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-05 02:00 . 2011-10-05 02:02 -------- d-----w- C:\ec6d5436e57c123f0a81322d9f

2011-10-04 05:23 . 2011-10-04 05:23 -------- d-----w- c:\windows\system32\CatRoot_bak

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 00:18 . 2011-05-28 18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 22:45 . 2011-03-31 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-28_20.20.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-28 23:35 . 2011-10-28 23:35 16384 c:\windows\temp\Perflib_Perfdata_590.dat

+ 2011-10-24 15:26 . 2004-08-04 10:00 359040 c:\windows\system32\dllcache\tcpip.sys

- 2004-08-10 17:51 . 2004-08-04 12:00 359040 c:\windows\system32\dllcache\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniMavis.lnk

backup=c:\windows\pss\MiniMavis.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]

2004-11-09 21:41 69632 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-04-09 04:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 23:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:23 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 2:23 PM 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 cpuz130;cpuz130;\??\c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\USER~1.D6W\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 6:46 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]

.

2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx

mWindow Title = Windows Internet Explorer provided by Comcast

TCP: DhcpNameServer = 192.168.1.1

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

FF - ProfilePath - c:\documents and settings\User.D6WZS771\Application Data\Mozilla\Firefox\Profiles\pd9d5dol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-28 19:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3604)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-28 19:44:03 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-28 23:44

ComboFix2.txt 2011-10-28 20:30

ComboFix3.txt 2011-10-22 18:45

ComboFix4.txt 2011-10-22 17:07

ComboFix5.txt 2011-10-28 23:20

.

Pre-Run: 18,073,055,232 bytes free

Post-Run: 18,054,696,960 bytes free

.

- - End Of File - - AE19AE7E8416CAD6972DDB35F807095A

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.