WiredWX Hobby Weather ToolsLog in

 


descriptionTrojan.Agent EmptyTrojan.Agent

more_horiz
I have a Windows XP system that is running really slow. MSSE and Malwarebytes doesn't find anything when scanned. But When I run Malwarebytes in safemode I get 36000+ things it detects. When I try to Remove Selected I get "Run-time error '6': Overflow". I've tried the recommended action of using mbam-clean.exe rebooting then reinstalling Malwarebytes to see if that will fix the problem but it does the same thing. Various log text files to follow:

OTL.Txt

Code:


OTL logfile created on: 9/4/2011 1:30:49 PM - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Documents and Settings\Jana\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 566.32 Mb Available Physical Memory | 55.41% Memory free
1.66 Gb Paging File | 1.27 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 84.21 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.16 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
 
Computer Name: D9MRT1B1 | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/09/04 13:28:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jana\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/09 17:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2005/10/21 02:40:26 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/09/04 01:31:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/09/04 00:45:29 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/09/03 23:37:44 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/09/03 23:36:47 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/09/03 23:36:12 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/09/03 23:36:01 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/09/03 23:33:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/09/03 23:33:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/09/03 23:33:05 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/09/03 23:32:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/09/03 23:31:19 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/09/03 23:28:24 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/07/11 17:25:00 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/02/22 10:05:18 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/22 10:05:17 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/22 10:05:16 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/22 10:05:13 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/22 10:05:12 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/02/22 10:05:12 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/02/22 10:05:11 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/22 10:05:11 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/22 10:05:10 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/22 10:05:10 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/22 10:05:09 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/22 10:05:09 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/15 12:33:13 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/02/15 12:33:13 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/02/15 12:33:12 | 000,401,696 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/02/15 12:33:12 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/15 12:33:11 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/02/15 12:33:11 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/15 12:33:10 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.12__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/02/04 22:13:24 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/04 22:13:23 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/04 19:57:05 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/04 19:57:03 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/04 19:57:01 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/04 19:57:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/04 19:57:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/04 19:56:59 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2005/08/26 06:43:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll
MOD - [2005/04/27 08:30:44 | 000,118,784 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/09/04 13:23:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABF9FCAF-AD01-4E59-AF80-98217F790F3D}\MpKsle6a7bfad.sys -- (MpKsle6a7bfad)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/24 17:24:37 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/02/11 16:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Aldebaran.sys -- (Aldebaran)
DRV - [2004/02/11 16:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://signout.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://signout.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 20:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/03 20:45:37 | 000,000,000 | ---D | M]
 
[2009/07/22 17:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jana\Application Data\Mozilla\Extensions
[2011/09/03 20:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jana\Application Data\Mozilla\Firefox\Profiles\q0q70v51.default\extensions
[2011/03/08 15:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jana\Application Data\Mozilla\Firefox\Profiles\q0q70v51.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/03 20:34:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jana\Application Data\Mozilla\Firefox\Profiles\q0q70v51.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/03 20:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/08 11:45:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/03 13:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/07/21 14:21:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/30 17:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248307181156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43688649-4315-4DA5-BDEF-645E42A8C5B1}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: LanmanWorkstation -  File not found
NetSvcs: Messenger -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: Netlogon - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanWorkstation - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - Service
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - Service
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.NSVI - C:\WINDOWS\System32\Nsvideo.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/09/04 01:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Application Data\Malwarebytes
[2011/09/04 01:01:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 01:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 01:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/04 01:01:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 01:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Macrovision Corporation
[2011/09/04 00:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Application Data\InstallShield
[2011/09/03 20:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Local Settings\Application Data\Temp
[2011/09/03 19:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/09/03 19:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jana\Local Settings\Application Data\Google
[2011/09/03 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/03 18:46:12 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/09/03 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/03 18:40:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/03 13:51:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/03 13:51:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/03 13:51:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/06/12 04:18:41 | 000,114,745 | ---- | C] (Eyst Pty Ltd) -- C:\Program Files\RatbagAVI.exe
[2006/05/24 17:00:16 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/05/24 17:00:16 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/05/24 17:00:14 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/05/24 17:00:14 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/05/24 17:00:14 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/05/24 17:00:14 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2006/05/24 17:00:14 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/05/24 17:00:14 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/05/24 17:00:14 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2006/05/24 17:00:14 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2006/05/24 17:00:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/05/24 17:00:14 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/09/04 13:34:22 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/09/04 13:28:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/04 13:24:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/04 13:24:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 13:23:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 13:23:24 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 02:46:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 01:01:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 23:45:52 | 000,445,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/03 23:45:52 | 000,072,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/03 22:30:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/03 20:46:07 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 20:46:07 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 20:11:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/03 19:52:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/03 19:36:30 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 18:46:36 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/03 18:40:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/03 13:59:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jana\Local Settings\Application Data\prvlcl.dat
[2011/09/03 13:38:03 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/03 13:37:10 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Jana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 13:33:06 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/09/04 13:23:24 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/04 01:01:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 20:46:07 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 20:46:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/03 20:11:31 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/03 20:11:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/03 19:36:30 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/03 19:36:30 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 19:35:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 19:35:24 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 18:47:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/03 18:47:42 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/09/03 18:46:36 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/03 18:42:27 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/01/21 16:07:16 | 001,606,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/17 13:39:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jana\Local Settings\Application Data\prvlcl.dat
[2008/06/12 04:22:04 | 012,116,582 | ---- | C] () -- C:\Program Files\leadfoot_soon.avi
[2008/06/12 04:19:20 | 181,954,545 | ---- | C] () -- C:\Program Files\data.pf
[2008/06/12 04:19:19 | 000,000,075 | ---- | C] () -- C:\Program Files\Member.url
[2008/06/12 04:19:19 | 000,000,074 | ---- | C] () -- C:\Program Files\Media.url
[2008/06/12 04:19:19 | 000,000,012 | ---- | C] () -- C:\Program Files\store.pfc
[2008/06/12 04:19:18 | 000,529,015 | ---- | C] () -- C:\Program Files\store.pfb
[2008/06/12 04:19:18 | 000,527,880 | ---- | C] () -- C:\Program Files\store.pf
[2008/06/12 04:19:18 | 000,000,054 | ---- | C] () -- C:\Program Files\Ratbag.url
[2008/06/12 04:18:41 | 052,155,507 | ---- | C] () -- C:\Program Files\min.pf
[2008/06/12 04:18:41 | 000,061,440 | ---- | C] () -- C:\Program Files\DTRSCExtra.exe
[2008/06/12 04:18:41 | 000,061,440 | ---- | C] () -- C:\Program Files\DTRSC_CLO.exe
[2008/06/12 04:18:40 | 001,335,296 | ---- | C] () -- C:\Program Files\DTRSC.exe
[2008/06/12 04:18:40 | 000,147,456 | ---- | C] () -- C:\Program Files\Server.exe
[2008/06/12 04:18:40 | 000,020,887 | ---- | C] () -- C:\Program Files\Uninst.isu
[2007/08/26 10:25:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/22 09:40:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2007/03/01 09:15:56 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Jana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/30 14:07:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/12/30 14:07:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/12/30 14:06:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2006/08/03 10:36:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jana\Local Settings\Application Data\fusioncache.dat
[2006/07/19 08:56:07 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7AAED12327.sys
[2006/06/09 10:18:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/06 15:08:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jana\Application Data\PFP120JPR.{PB
[2006/06/06 15:08:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jana\Application Data\PFP120JCM.{PB
[2006/06/06 13:42:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/06/06 13:21:13 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/06 13:21:13 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\DB4C87659E.sys
[2006/05/24 17:39:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/24 17:35:24 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/24 17:31:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/24 17:28:55 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/24 17:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/24 17:00:16 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/05/24 17:00:16 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/05/24 17:00:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/05/24 17:00:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/05/24 17:00:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/05/24 17:00:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/05/24 17:00:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/05/24 17:00:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/05/24 17:00:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/05/24 17:00:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/05/24 16:59:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/24 16:59:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/24 16:59:28 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,330,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,445,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
OTL.Txt continued:

Code:



[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
 
[color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
 
[color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\*.exe >[/color]
[2011/08/30 17:59:04 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/08/30 17:59:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/08/30 17:59:04 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
 
[color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.* /lockedfiles >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2006/07/14 08:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2011/09/03 20:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/06 13:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2006/05/24 17:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2006/05/24 17:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2006/05/24 17:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2010/03/19 00:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2007/01/25 13:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\AzureBay
[2009/07/21 13:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/06/04 14:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 13:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/05/24 17:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/05/24 17:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2006/05/24 17:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2008/06/12 04:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\data
[2006/05/24 17:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2006/08/25 13:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Games
[2008/01/01 08:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 924
[2007/04/21 11:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2006/05/24 17:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2011/09/03 13:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2006/05/24 17:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2008/06/12 04:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2011/09/03 19:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/21 20:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\HD Tune
[2006/10/19 10:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\HotFax MessageCenter
[2008/01/27 13:04:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/05/24 17:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/05/24 17:21:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/09/03 21:19:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/09/03 13:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/06/04 14:21:07 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2006/05/24 17:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2011/09/04 00:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Macrovision Corporation
[2011/09/04 01:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/05/24 17:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/01/04 11:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/08/26 10:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/07/22 19:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/10 13:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/09/04 13:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/05/24 17:23:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/05/24 17:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2011/09/03 18:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2007/08/26 10:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/05/24 17:21:25 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2008/06/12 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\mods
[2011/01/14 20:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/03 20:45:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/22 14:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/05/26 21:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 13:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/19 16:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/05/24 17:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/01/04 11:32:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/05/24 17:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2006/05/24 17:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
[2006/12/30 14:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2008/12/11 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2006/05/30 17:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/14 20:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/05/24 17:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/05/24 17:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/22 14:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/05/24 17:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2006/05/24 17:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/06/12 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\sponsors
[2008/12/13 07:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/02/22 10:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2004/08/10 13:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/05/24 17:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/05/24 17:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2006/05/30 18:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/01/04 11:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/01/04 11:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 13:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/05/24 17:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/10 13:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/06/14 15:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/27 18:20:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-04 18:26:59
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 11:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 11:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 11:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/30 17:59:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


Extras.Txt

Code:



OTL Extras logfile created on: 9/4/2011 1:30:49 PM - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Documents and Settings\Jana\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 566.32 Mb Available Physical Memory | 55.41% Memory free
1.66 Gb Paging File | 1.27 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 84.21 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.16 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
 
Computer Name: D9MRT1B1 | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0594472B-42DC-4E29-A161-2CCC011AE7DE}" = TurboTax 2008 wmniper
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39E2A400-EAA2-012B-AE04-000000000000}" = TurboTax 2009 wmniper
"{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = DXG-552
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A75AC597-EDCD-4FC7-94C5-2F72B52C95CA}" = Scrapbook Factory
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6 (VCD Version)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8BC3608-61A8-4DB3-A6E8-3B67B36448DE}" = Greeting Card Factory Express
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"3C48F877-A164-45E9-B9DA-26A049FFC207" = Tradewinds
"651956B7-1969-42AA-9453-E0B813019D54" = Polar Golfer
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Dirt Track Racing - Sprint Cars" = Dirt Track Racing - Sprint Cars
"E0814F95-5380-4892-B8C8-7FA4B349EF46" = Chuzzle Deluxe
"GameSpy Arcade" = GameSpy Arcade
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.53
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WT014663" = Polar Bowler
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 6/4/2011 3:47:07 PM | Computer Name = D9MRT1B1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4127, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 7/17/2011 12:26:55 PM | Computer Name = D9MRT1B1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4127, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/3/2011 2:45:34 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 9/3/2011 2:45:39 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 9/3/2011 2:52:27 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 9/3/2011 2:52:27 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 470
Description = Catalog Database (868) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
 is partially attached. Attachment stage: 3. Error: -1032.
 
Error - 9/3/2011 2:53:54 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 494
Description = Catalog Database (868) Database recovery failed with error -1216 because
 it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb',
 which is no longer present. The database was not brought to a consistent state
before it was removed (or possibly moved or renamed). The database engine will not
 permit recovery to complete for this instance until the missing database is re-instated.
 If the database is truly no longer available and no longer required, please contact
 PSS for further instructions regarding the steps required in order to allow recovery
 to proceed without this database.
 
Error - 9/3/2011 2:53:54 PM | Computer Name = D9MRT1B1 | Source = ESENT | ID = 454
Description = Catalog Database (868) Database recovery/restore failed with unexpected
 error -1216.
 
Error - 9/3/2011 7:42:41 PM | Computer Name = D9MRT1B1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
 P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 9/3/2011 8:04:26 PM | Computer Name = D9MRT1B1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
1, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 9/4/2011 1:53:32 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:  %%10045
 
Error - 9/4/2011 4:15:54 AM | Computer Name = D9MRT1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 9/4/2011 4:16:07 AM | Computer Name = D9MRT1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 9/4/2011 4:16:35 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error:  %%31
 
Error - 9/4/2011 4:16:35 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
 which failed to start because of the following error:  %%31
 
Error - 9/4/2011 4:16:35 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
 failed to start because of the following error:  %%31
 
Error - 9/4/2011 4:16:35 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
 failed to start because of the following error:  %%31
 
Error - 9/4/2011 4:16:35 AM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  AFD  Fips  intelppm  IPSec  MpFilter  NetBT  RasAcd  Tcpip  WS2IFSL
 
Error - 9/4/2011 5:18:19 AM | Computer Name = D9MRT1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 9/4/2011 2:23:34 PM | Computer Name = D9MRT1B1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:  %%10045
 
 
< End of report >


aswMBR.txt

Code:



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-04 14:03:27
-----------------------------
14:03:27.640    OS Version: Windows 5.1.2600 Service Pack 3
14:03:27.640    Number of processors: 1 586 0x409
14:03:27.640    ComputerName: D9MRT1B1  UserName: Jana
14:03:28.609    Initialize success
14:04:50.437    AVAST engine defs: 11090401
14:05:12.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:05:12.640    Disk 0 Vendor: Maxtor_6L160P0 BAJ41G10 Size: 152587MB BusType: 3
14:05:14.656    Disk 0 MBR read successfully
14:05:14.656    Disk 0 MBR scan
14:05:14.703    Disk 0 unknown MBR code
14:05:14.703    Disk 0 scanning sectors +312496380
14:05:14.812    Disk 0 scanning C:\WINDOWS\system32\drivers
14:05:40.328    Service scanning
14:05:40.656    Service MpKsle6a7bfad c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABF9FCAF-AD01-4E59-AF80-98217F790F3D}\MpKsle6a7bfad.sys **LOCKED** 32
14:05:41.281    Modules scanning
14:05:47.031    Disk 0 trace - called modules:
14:05:47.046    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:05:47.046    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84ab8]
14:05:47.062    3 CLASSPNP.SYS[f7596fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fd9b00]
14:05:48.140    AVAST engine scan C:\WINDOWS
14:06:01.671    AVAST engine scan C:\WINDOWS\system32
14:09:55.125    AVAST engine scan C:\WINDOWS\system32\drivers
14:10:26.953    AVAST engine scan C:\Documents and Settings\Jana
14:15:45.515    AVAST engine scan C:\Documents and Settings\All Users
14:17:47.328    Scan finished successfully
14:19:48.187    Disk 0 MBR has been saved successfully to "F:\malware scans\MBR.dat"
14:19:48.203    The log file has been saved successfully to "F:\malware scans\aswMBR.txt"


checkup.txt

Code:



 Results of screen317's Security Check version 0.99.18 
 Windows XP Service Pack 3 
 Internet Explorer 8 
[b]``````````````````````````````
[u]Antivirus/Firewall Check:[/u][/b]
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
[b]```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u][/b]
 Malwarebytes' Anti-Malware   
 CCleaner (remove only) 
 Java(TM) 6 Update 26 
 Java(TM) 6 Update 4 
 Java 2 Runtime Environment, SE v1.4.2_03
 [color=red][b]Out of date Java installed![/b][/color]
 Adobe Flash Player    10.3.183.7 
 Mozilla Firefox (x86 en-US..)
[b]````````````````````````````````
Process Check: 
[u]objlist.exe by Laurent[/u][/b]
 Windows Defender MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
[b]``````````End of Log````````````[/b]


Also, because the Malwarebytes log is over 4MB, here is a sample of what it finds when run in safemode:

Code:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7648

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/4/2011 3:15:27 PM
mbam-log-2011-09-04 (15-15-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 311432
Time elapsed: 40 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2915
Files Infected: 35375

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32INFO.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FULLSOFT.DLL (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSO.DLL (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VBE6.DLL (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JVM.DLL (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HTMLMARQ.OCX (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HTMLMM.OCX (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QPW.EXE (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\.\. (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Demo (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Readme (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Resource (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Resource\CMAP (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Resource\FONT (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Scan (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Scan\Twain (Trojan.Agent) -> No action taken.
c:\program files\.\.\abbyy finereader 6.0 sprint\Support (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Reader (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Reader\plug_ins (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Reader\plug_ins\annotations (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Resource (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Resource\CMap (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\acrobat 6.0\Resource\Font (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com\assets (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com\assets\icons (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com\bin-debug (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com\META-INF (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Acrobat.com\META-INF\AIR (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Esl (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\AIR (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\Browser (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\idtemplates (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\idtemplates\ENU (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\javascripts (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\Legal (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\Legal\ENU (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\AcroForm (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\AcroForm\PMP (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\annotations (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\annotations\Stamps (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\annotations\Stamps\ENU (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\multimedia (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins\multimedia\MPP (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins3d (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\plug_ins3d\prc (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\Services (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\spplugins (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Reader\Tracker (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\CMap (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\Font (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\Font\PFM (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\linguistics (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\linguistics\languagenames2 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\linguistics\providers (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\linguistics\providers\proximity (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\linguistics\providers\proximity\11.00 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\SaslPrep (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode\ICU (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode\Mappings (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode\Mappings\Adobe (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode\Mappings\Mac (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\Resource\typesupport\Unicode\Mappings\win (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\setup files (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\reader 10.0\setup files\{ac76ba86-7ad7-1033-7b44-aa1000000001} (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Reader (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource\linguistics (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource\linguistics\languagenames2 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource\linguistics\providers (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource\linguistics\providers\proximity (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\Resource\linguistics\providers\proximity\11.00 (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\setup files (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\Reader 9.0\setup files\{ac76ba86-7ad7-5464-3428-900000000004} (Trojan.Agent) -> No action taken.
c:\program files\.\.\Adobe\{ac76ba86-0000-0000-7ac5-6028747ade00} (Trojan.Agent) -> No action taken.
c:\program files\.\.\alwil software (Trojan.Agent) -> No action taken.
c:\program files\.\.\alwil software\Avast4 (Trojan.Agent) -> No action taken.
c:\program files\.\.\alwil software\Avast4\Setup (Trojan.Agent) -> No action taken.
c:\program files\.\.\america online 9.0 (Trojan.Agent) -> No action taken.
c:\program files\.\.\america online 9.0\backup (Trojan.Agent) -> No action taken.
c:\program files\.\.\america online 9.0\backup\restore (Trojan.Agent) -> No action taken.


Last edited by sdc on 4th September 2011, 10:51 pm; edited 1 time in total (Reason for editing : added malwarebytes partial log)

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:
Trojan.Agent NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Trojan.Agent NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Trojan.Agent RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Trojan.Agent Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
ComboFix.txt

ComboFix 11-09-07.04 - Jana 09/07/2011 21:32:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.583 [GMT -5:00]
Running from: c:\documents and settings\Jana\Desktop\PCHelpForum.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\DMX.exe.d0259252.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Clint\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse
c:\documents and settings\Clint\WINDOWS
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.1cae22f0.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.45e92372.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.62a15856.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.a761b1cb.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\InC1A.exe.ff99d48.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b7231ca1.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini
c:\documents and settings\Jana\Local Settings\Application Data\ApplicationHistory\UIMain.exe.f56a6b1b.ini
c:\documents and settings\Jana\WINDOWS
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.6b2528a7.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.983c0e34.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\DMX.exe.d0259252.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Tim\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b7231ca1.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Tina\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\program files\Server.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-08 02:26 . 2011-09-08 02:26 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABF9FCAF-AD01-4E59-AF80-98217F790F3D}\MpKslcd90561f.sys
2011-09-04 07:02 . 2011-08-12 00:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-04 07:01 . 2011-08-12 00:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABF9FCAF-AD01-4E59-AF80-98217F790F3D}\mpengine.dll
2011-09-04 06:01 . 2011-09-04 06:01 -------- d-----w- c:\documents and settings\Jana\Application Data\Malwarebytes
2011-09-04 06:01 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-04 06:01 . 2011-09-04 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-04 06:01 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 06:01 . 2011-09-04 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 05:59 . 2011-09-04 05:59 -------- d-----w- c:\program files\Macrovision Corporation
2011-09-04 05:59 . 2011-09-04 05:59 -------- d-----w- c:\documents and settings\Jana\Application Data\InstallShield
2011-09-04 05:22 . 2011-09-04 05:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-04 01:45 . 2011-08-30 22:59 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-04 01:45 . 2011-08-30 22:59 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-04 01:45 . 2011-08-30 22:59 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-04 01:45 . 2011-08-30 22:59 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-04 01:45 . 2011-08-30 22:59 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-04 01:45 . 2011-08-30 22:59 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-04 01:45 . 2011-08-30 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-04 01:45 . 2011-08-30 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-04 01:26 . 2011-08-30 22:59 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-09-04 01:25 . 2011-08-30 22:59 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-09-04 01:22 . 2011-09-04 01:22 -------- d-----w- c:\documents and settings\Jana\Local Settings\Application Data\Temp
2011-09-04 00:35 . 2011-09-04 00:35 -------- d-----w- c:\documents and settings\Jana\Local Settings\Application Data\Google
2011-09-04 00:34 . 2011-09-04 00:36 -------- d-----w- c:\program files\Google
2011-09-03 23:46 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-03 23:42 . 2011-09-03 23:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-03 23:40 . 2011-09-03 23:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2006-05-24 21:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2000-08-31 20:30 . 2008-06-12 09:18 1335296 ----a-w- c:\program files\DTRSC.exe
2000-08-29 20:56 . 2008-06-12 09:18 114745 ----a-w- c:\program files\RatbagAVI.exe
2000-08-29 03:18 . 2008-06-12 09:18 61440 ------w- c:\program files\DTRSCExtra.exe
2000-08-03 10:14 . 2008-06-12 09:18 61440 ------w- c:\program files\DTRSC_CLO.exe
2011-08-30 22:59 . 2011-09-04 01:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-24 98304]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"Smart Start UP"="c:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2003-01-21 98304]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANgA5ADUAOQA2ADgAMAAxAC0AWABHACsAMQAtAEIAQQArADEALQBCADMALQBGAFAAOQArADMALQBUAEIAOQArADEALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsAMAA&prod=90&ver=9.0.894" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-24 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [12/30/2006 2:09 PM 16855]
R1 MpKslcd90561f;MpKslcd90561f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABF9FCAF-AD01-4E59-AF80-98217F790F3D}\MpKslcd90561f.sys [9/7/2011 9:26 PM 28752]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [12/30/2006 2:09 PM 21808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2011 7:35 PM 136176]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [12/30/2006 2:06 PM 44256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2011 7:35 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/4/2011 1:01 AM 41272]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCD90561F
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 00:34]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 00:34]
.
2011-09-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-09-08 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\documents and settings\Jana\Application Data\Mozilla\Firefox\Profiles\q0q70v51.default\
FF - prefs.js: browser.startup.homepage - hxxp://signout.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-07 21:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
Completion time: 2011-09-07 21:45:10
ComboFix-quarantined-files.txt 2011-09-08 02:45
.
Pre-Run: 90,220,941,312 bytes free
Post-Run: 92,804,153,344 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3A59AA6CAEFCF7F48475295BAAA0F26

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
esetonlinescanner log.txt

Code:



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4eb4fadcbecf444bacee8bb453a4e6df
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-08 11:36:36
# local_time=2011-09-08 06:36:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 107089027 107089027 0 0
# compatibility_mode=1024 16777215 100 0 45621955 45621955 0 0
# compatibility_mode=5891 16776533 42 87 0 11495952 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93461
# found=1
# cleaned=1
# scan_time=6000
C:\Documents and Settings\Jana\My Documents\Downloads\registrybooster.exe   Win32/RegistryBooster application (deleted - quarantined)   00000000000000000000000000000000   C

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 4
    Java(TM) 6 Update 26
    Viewpoint Media Player

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 7.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

How is the machine running now?

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
Everything seems to be running perfectly now. Thanks so much for your help. :smile2:

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
Okay, your good to go.

descriptionTrojan.Agent EmptyRe: Trojan.Agent

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum