Jump to content


Photo

Sluggish CPU load


  • This topic is locked This topic is locked
26 replies to this topic

#1 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 14 August 2011 - 06:27 PM

My Windows XP has been sluggish lately with errors. I also have been getting Windows Explorer error: AppName: explorer.exe Appver:6.0.2900.5512 Mod Name:Unknown ModVer: 0.0.0.0 Offset: 676c8062

Also I have been getting the Windows Defender Error: 0x8050800c and I do not even have that installed.

Part of the Process is MsMpEng.Exe taking up nearly 70,000 K

Also: Every time I download this update: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631)
Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)

It keeps coming back over and over again. It doesn't stay installed. It acts as if it never was detected and multiple copies are installed because of it.

Also due to the vbalsGrid6.ocx, I had to uninstall Malwarebytes and reinstall it, with the same stuff on the folder. I have read the details of the FAQ and followed the directions.

Here are the logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7467

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/14/2011 4:13:14 PM
mbam-log-2011-08-14 (16-13-14).txt

Scan type: Quick scan
Objects scanned: 228538
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the dds.txt log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Craig at 17:32:44 on 2011-08-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1114 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yor.net/coolman5
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\companion\modules\messmod4\v6\yhexbmes.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1
IE: &AOL Toolbar search
IE: &Clean Traces
IE: &Download with &DAP
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\craig\application data\mozilla\firefox\profiles\ba5j5nfw.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsld5e58725;MpKsld5e58725;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5fc31586-3e46-4348-989c-ad48d5fa0bdc}\MpKsld5e58725.sys [2011-8-14 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-8 116608]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1793712]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-20 54760]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-7-28 112800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-10 2255464]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 MpKsl1f4d5808;MpKsl1f4d5808;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe36cbc4-b701-405d-9a06-e0187f8abc02}\mpksl1f4d5808.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe36cbc4-b701-405d-9a06-e0187f8abc02}\MpKsl1f4d5808.sys [?]
S1 MpKsl32cb310f;MpKsl32cb310f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\mpksl32cb310f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\MpKsl32cb310f.sys [?]
S1 MpKsl73759412;MpKsl73759412;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\mpksl73759412.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\MpKsl73759412.sys [?]
S1 MpKsl78c8f8dd;MpKsl78c8f8dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\mpksl78c8f8dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d56fa7-a5e9-46f8-b1a6-ea83c43ca9fb}\MpKsl78c8f8dd.sys [?]
S1 MpKslc2a76b69;MpKslc2a76b69;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ace2942b-b9de-47c4-b239-5f1ad9a6025d}\mpkslc2a76b69.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ace2942b-b9de-47c4-b239-5f1ad9a6025d}\MpKslc2a76b69.sys [?]
S1 MpKslcdb74970;MpKslcdb74970;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b98224d8-755b-439a-aee6-225fa19de6a8}\mpkslcdb74970.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b98224d8-755b-439a-aee6-225fa19de6a8}\MpKslcdb74970.sys [?]
S1 MpKsleb66d3f1;MpKsleb66d3f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2dcade7-084a-4d55-a7fa-637dfab0d093}\mpksleb66d3f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2dcade7-084a-4d55-a7fa-637dfab0d093}\MpKsleb66d3f1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva193;XDva193;\??\c:\windows\system32\xdva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\xdva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2010-12-18 229376]
.
=============== Created Last 30 ================
.
2011-08-14 19:54:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 19:54:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 19:47:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5fc31586-3e46-4348-989c-ad48d5fa0bdc}\MpKsld5e58725.sys
2011-08-14 06:54:44 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5fc31586-3e46-4348-989c-ad48d5fa0bdc}\mpengine.dll
2011-08-11 04:00:06 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-11 04:00:06 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-11 04:00:03 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-11 04:00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-11 04:00:01 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-11 03:59:08 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-11 03:59:08 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-11 03:59:08 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-11 03:59:07 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-11 03:59:07 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-11 03:59:07 4210816 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-08-11 03:59:07 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-11 03:59:07 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-11 03:59:07 12542592 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-08-11 03:58:02 -------- d-----w- C:\NVIDIA
2011-08-11 01:26:31 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-08-11 01:24:29 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-11 01:24:29 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-11 01:24:29 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-10 01:52:26 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 01:33:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 20:10:20 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-07-30 01:10:45 -------- d-----w- c:\documents and settings\craig\local settings\application data\Sun
2011-07-29 13:14:14 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-07-28 16:12:18 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
.
==================== Find3M ====================
.
2011-08-03 11:49:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49:00 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:49:00 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49:00 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49:00 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-07-29 13:13:50 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:03:24 669816 -c--a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 14:03:22 519800 -c--a-w- c:\windows\system32\accesor.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 13:40:48 140920 -c--a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 13:24:06 2022520 -c--a-w- c:\windows\system32\ncscolib.dll
2011-06-30 08:38:13 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38:12 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38:10 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37:25 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-28 07:12:42 30368 -c--a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 19:00:50 192000 -c--a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:10:24 272584 -c--a-w- c:\windows\system32\Prounstl.exe
.
============= FINISH: 17:34:17.85 ===============


Here is the log of the HiJackThis Log 2.0.4:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:42:09 PM, on 8/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yor.net/coolman5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-21-4081360589-2644460034-3144785942-1011\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebo...toUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A}: NameServer = 156.154.70.22,156.154.71.22
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 8664 bytes

Here is the results of checkup.txt:

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Eusing Free Registry Cleaner
Java™ 7
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


Here is the log for F-Scan Online Scanner:

Scanning Report
Sunday, August 14, 2011 18:06:14 - 20:22:40

Computer name: DHKL0Q81
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
No malware found
Statistics
Scanned:

Files: 104015
System: 4693
Not scanned: 8

Actions:

Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\DOCUMENTS AND SETTINGS\CRAIG\LOCAL SETTINGS\TEMP\HSPERFDATA_CRAIG\2268
C:\DOCUMENTS AND SETTINGS\CRAIG\LOCAL SETTINGS\TEMP\HSPERFDATA_CRAIG\2952

Options
Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 August 2011 - 08:57 PM

Hello CoolMan5. Welcome to SWI.

Your logs appear clean, and your protection is all up to date - nice to see.

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 16 August 2011 - 08:13 AM

Here is the log for C:\ ComboFix.txt:

ComboFix 11-08-16.02 - Craig 08/16/2011 9:55.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1531 [GMT -4:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\drvrtmp
c:\windows\isRS-000.tmp
c:\windows\system32\usp10(3)(2).dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 10:08 . 2011-08-16 10:08 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68CE35AC-1C0C-4A48-8BEA-5FCF09A4793C}\MpKsle09c5db5.sys
2011-08-15 11:09 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68CE35AC-1C0C-4A48-8BEA-5FCF09A4793C}\mpengine.dll
2011-08-14 22:06 . 2011-08-14 22:06 -------- d-----w- c:\documents and settings\Craig\Application Data\f-secure
2011-08-14 21:39 . 2011-08-14 21:39 388096 ----a-r- c:\documents and settings\Craig\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-14 21:39 . 2011-08-14 21:39 -------- d-----w- c:\program files\Trend Micro
2011-08-14 19:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 19:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 04:00 . 2011-08-03 11:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-11 04:00 . 2011-08-03 11:49 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-11 04:00 . 2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-11 04:00 . 2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-11 04:00 . 2011-08-03 11:49 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-11 03:59 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-10 01:52 . 2011-08-10 01:52 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 01:33 . 2011-08-10 03:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 01:33 . 2011-08-10 01:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-05 20:10 . 2011-08-05 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-07-30 01:10 . 2011-07-30 01:10 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\Sun
2011-07-29 13:18 . 2011-07-29 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-29 13:14 . 2011-07-29 13:13 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-07-28 16:12 . 2011-05-23 20:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:49 . 2011-05-09 15:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-05-09 15:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-05-09 15:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-05-09 15:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-04-08 02:15 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-07-29 13:13 . 2010-04-22 04:57 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2005-10-26 00:37 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-02-20 21:18 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-08 14:03 . 2011-07-08 14:03 669816 -c--a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 14:03 . 2011-07-08 14:03 519800 -c--a-w- c:\windows\system32\accesor.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 13:40 . 2011-07-08 13:40 140920 -c--a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 13:24 . 2011-07-08 13:24 2022520 -c--a-w- c:\windows\system32\ncscolib.dll
2011-06-30 08:38 . 2011-05-07 20:17 97504 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-05-03 00:36 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-05-03 00:36 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-05-03 00:36 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-05-03 00:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-28 07:12 . 2011-06-28 07:12 30368 -c--a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 19:00 . 2011-06-09 19:00 192000 -c--a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-07 15:55 . 2011-07-03 11:32 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:10 . 2005-10-26 00:37 272584 -c--a-w- c:\windows\system32\Prounstl.exe
2009-01-07 22:29 . 2009-02-07 16:06 1447280 -c--a-w- c:\program files\mozilla firefox\plugins\XnpLegitCheckPlugin.dll
2011-06-21 14:12 . 2011-03-22 16:01 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 15:31 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 16:33 438359 -c--a-w- c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 22:46 204288 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"RSVP"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 MpKsle09c5db5;MpKsle09c5db5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68CE35AC-1C0C-4A48-8BEA-5FCF09A4793C}\MpKsle09c5db5.sys [8/16/2011 6:08 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/8/2010 11:34 AM 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/28/2011 12:12 PM 112800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/10/2011 9:26 PM 2255464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl1f4d5808;MpKsl1f4d5808;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys [?]
S1 MpKsl32cb310f;MpKsl32cb310f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys [?]
S1 MpKsl73759412;MpKsl73759412;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys [?]
S1 MpKsl78c8f8dd;MpKsl78c8f8dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys [?]
S1 MpKslc2a76b69;MpKslc2a76b69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys [?]
S1 MpKslcdb74970;MpKslcdb74970;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys [?]
S1 MpKsleb66d3f1;MpKsleb66d3f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [12/26/2005 1:24 AM 6656]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/18/2010 2:25 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE09C5DB5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\JkDefrag.job
- c:\windows\tasks\JkDefragTask.cmd [2009-01-13 02:30]
.
2011-08-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yor.net/coolman5
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &AOL Toolbar search
IE: &Clean Traces
IE: &Download with &DAP
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A}: NameServer = 156.154.70.22,156.154.71.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\guard32.dll
.
Completion time: 2011-08-16 10:08:08
ComboFix-quarantined-files.txt 2011-08-16 14:08
.
Pre-Run: 46,932,987,904 bytes free
Post-Run: 47,406,215,168 bytes free
.
- - End Of File - - F6103F271404D5CB8C07C1BF2DFE383C

#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2011 - 11:20 AM

Parts of Windows Defender are running.
Try this:
Click Start, Type Run, and type the following:
msiexec /uninstall windowsdefender.msi /quiet /log uninstall.log
Let me know whether it seems to work.

Please tell me the make and model of your PC. Is it a laptop?

I have some questions for you about installed programs or features. Any of these could possibly be responsible for your sluggishness and errors.

AOL toolbar. Do you actually use AOL?

Intel PROSet Wireless utility is used for Network performance management, Profile management, Power management and User-configurable network settings. The program detects the presence of any wireless networks within range of the adapter, providing automatic configuration and connection.
Publisher: Intel Corporation
Do you need this?

Family Safety - see http://windows.micro...h-Family-Safety
This is a spy program.

Windows Remote Management (WINRM) - see http://msdn.microsof...a384426(v=vs.85).aspx
For managing other computers on a network.

Digital Line Detect. This is for use if you connect to the internet through a regular analog phone. Seems like a relic of an earlier age. http://answers.micro...4c-d61d1e816d38

XTrap Game protection, see http://www.outspark....ead.php?t=48880
Creates entries like this:
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]

When I get your answers I'll advise you what to do next.
In the meantime please download MiniToolBox and run it.

Checkmark only the following box:

  • List Last 10 Event Viewer Errors
Click Go and copy/paste the log (Result.txt) into your next post.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 16 August 2011 - 02:17 PM

Okay, I clicked start, went to Run, and typed msiexec /uninstall windowsdefender.msi /quiet /log uninstall.log and clicked Ok. Nothing else happened after that.

The model is a desktop. Dimension 3000.

AOL toolbar. Do you actually use AOL? No, I don't use AOL.

Intel PROSet Wireless utility is used for Network performance management, Profile management, Power management and User-configurable network settings. The program detects the presence of any wireless networks within range of the adapter, providing automatic configuration and connection.
Publisher: Intel Corporation
Do you need this? Nope.


Family Safety - see http://windows.micro...h-Family-Safety
This is a spy program. That needs to be gone.

Windows Remote Management (WINRM) - see http://msdn.microsof...6(v=vs.85).aspx
For managing other computers on a network. Only this computer is active.

Digital Line Detect. This is for use if you connect to the internet through a regular analog phone. Seems like a relic of an earlier age. http://answers.micro...4c-d61d1e816d38 Needs to be buried like history.

XTrap Game protection, see http://www.outspark....ead.php?t=48880
Creates entries like this:
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?] That's for my younger brother when he is playing LaTale.

And here are the results from the MiniTool Box log Result.txt:

MiniToolBox by Farbar
Ran by Craig (administrator) on 16-08-2011 at 16:13:25
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/16/2011 02:05:00 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/16/2011 02:02:51 PM) (Source: PerfNet) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/16/2011 02:02:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (08/16/2011 02:02:51 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/16/2011 10:21:50 AM) (Source: PerfNet) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/16/2011 10:21:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (08/16/2011 10:21:49 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/16/2011 06:08:07 AM) (Source: PerfNet) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/16/2011 06:08:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (08/16/2011 06:08:06 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (08/16/2011 04:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 04:12:41 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 04:03:30 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 04:03:30 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:07 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:07 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:06 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:06 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (08/16/2011 03:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (08/16/2011 02:05:00 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (08/16/2011 02:02:51 PM) (Source: PerfNet)(User: )
Description:

Error: (08/16/2011 02:02:51 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (08/16/2011 02:02:51 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (08/16/2011 10:21:50 AM) (Source: PerfNet)(User: )
Description:

Error: (08/16/2011 10:21:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (08/16/2011 10:21:49 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422

Error: (08/16/2011 06:08:07 AM) (Source: PerfNet)(User: )
Description:

Error: (08/16/2011 06:08:06 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (08/16/2011 06:08:06 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422


== End of log ==

#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2011 - 04:00 PM

See if you can uninstall those unwanted things.
Download and run the free version of Revo Uninstaller.
Set it to 'Advanced'.
Then one at a time:

Look for program - If found:

Select it and click 'Uninstall'.
After official uninstaller has run (Step 2) hit Next.

If not there, select 'Forced Uninstall'.

In the "Program's exact name" box, enter the name.
Leave the path blank if you don't know it. Some you can enter:

c:\windows\system32\IPROSetMonitor.exe
c:\program files\windows live\family safety\fsssvc.exe
c:\windows\pss\Digital Line Detect.lnk

Hit 'Next'.

In Step 3, select all and delete everything found.

The AOL toolbar appears to be is installed in IE. See if you can disable or remove it in IE.

After you have uninstalled as much as possible, please run ComboFix again with protection disabled, and post the new log.
(Eventually we will rip out remaining unwanted things and also try to fix the many errors listed by MiniToolBox.)
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 16 August 2011 - 05:41 PM

Okay, I installed the revo uninstaller the free one, and that one didn't have forced uninstall, so I deleted and downloaded the correct one. I put in the c:\windows\system32\IPROSetMonitor.exe and they couldn't find any items. The c:\program files\windows live\family safety\fsssvc.exe was found successfully, and all files in step 3 are deleted. The Digital Line Connect has been found and deleted. I can't access the Internet Explorer with the Digital Line Connect gone. So I won't be able to remove the AOL toolbar. Also the Network Magic Icon went to green to gray with the Digital Line Connect taken out of play. I clicked on ComboFix, and it asked me since there is a new version out, if it would like me to update. I clicked yes, and it completed the update successfully. However, I didn't get anywhere past that.

#8 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2011 - 05:45 PM

Sorry about that - I thought Digital Line Connect could be removed as I have never seen it before.. I also thought free Revo had forced install. Thanks for the info.

Revo made you some restore points. Follow the directions Here to restore back to before you deleted Digital Line Connect.

Then try to run ComboFix and post new log.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#9 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 16 August 2011 - 06:55 PM

It's okay. I restored it back to before the Digital Line Connect was removed. Internet Explorer works again, and Combofix has updated. Here is the new log for Combofix:

ComboFix 11-08-16.05 - Craig 08/16/2011 20:30:33.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1534 [GMT -4:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 00:18 . 2011-08-17 00:18 -------- d-----w- c:\documents and settings\Craig\Application Data\Apple Computer
2011-08-16 23:58 . 2011-08-16 23:58 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{256749B2-B664-4519-B609-76952BAD0DAE}\MpKslfb5e70cb.sys
2011-08-16 23:57 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{256749B2-B664-4519-B609-76952BAD0DAE}\mpengine.dll
2011-08-16 23:56 . 2011-08-16 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Windows Live
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Digital Line Detect
2011-08-16 23:32 . 2011-08-16 23:55 -------- d-----w- C:\32788R22FWJFW(2)
2011-08-16 22:36 . 2011-08-16 22:36 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
2011-08-16 22:36 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-16 22:22 . 2011-08-16 22:36 -------- d-----w- c:\program files\VS Revo Group
2011-08-14 22:06 . 2011-08-14 22:06 -------- d-----w- c:\documents and settings\Craig\Application Data\f-secure
2011-08-14 21:39 . 2011-08-14 21:39 388096 ----a-r- c:\documents and settings\Craig\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-14 21:39 . 2011-08-14 21:39 -------- d-----w- c:\program files\Trend Micro
2011-08-14 19:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 19:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 04:00 . 2011-08-03 11:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-11 04:00 . 2011-08-03 11:49 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-11 04:00 . 2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-11 04:00 . 2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-11 04:00 . 2011-08-03 11:49 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-11 03:59 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-10 01:52 . 2011-08-10 01:52 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 01:33 . 2011-08-10 03:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 01:33 . 2011-08-10 01:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-05 20:10 . 2011-08-05 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-07-30 01:10 . 2011-07-30 01:10 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\Sun
2011-07-29 13:18 . 2011-07-29 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-29 13:14 . 2011-07-29 13:13 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-07-28 16:12 . 2011-05-23 20:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:49 . 2011-05-09 15:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-05-09 15:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-05-09 15:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-05-09 15:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-04-08 02:15 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-07-29 13:13 . 2010-04-22 04:57 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2005-10-26 00:37 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-02-20 21:18 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-08 14:03 . 2011-07-08 14:03 669816 -c--a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 14:03 . 2011-07-08 14:03 519800 -c--a-w- c:\windows\system32\accesor.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 13:40 . 2011-07-08 13:40 140920 -c--a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 13:24 . 2011-07-08 13:24 2022520 -c--a-w- c:\windows\system32\ncscolib.dll
2011-06-30 08:38 . 2011-05-07 20:17 97504 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-05-03 00:36 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-05-03 00:36 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-05-03 00:36 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-05-03 00:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-28 07:12 . 2011-06-28 07:12 30368 -c--a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 19:00 . 2011-06-09 19:00 192000 -c--a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-07 15:55 . 2011-07-03 11:32 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:10 . 2005-10-26 00:37 272584 -c--a-w- c:\windows\system32\Prounstl.exe
2009-01-07 22:29 . 2009-02-07 16:06 1447280 -c--a-w- c:\program files\mozilla firefox\plugins\XnpLegitCheckPlugin.dll
2011-08-16 15:42 . 2011-03-22 16:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-16_14.04.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-16 23:57 . 2011-08-16 23:57 16384 c:\windows\Temp\Perflib_Perfdata_63c.dat
+ 2006-01-19 16:00 . 2011-08-16 23:56 436360 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 15:31 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 16:33 438359 -c--a-w- c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 22:46 204288 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"RSVP"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 MpKslfb5e70cb;MpKslfb5e70cb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{256749B2-B664-4519-B609-76952BAD0DAE}\MpKslfb5e70cb.sys [8/16/2011 7:58 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/8/2010 11:34 AM 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/28/2011 12:12 PM 112800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/10/2011 9:26 PM 2255464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl1f4d5808;MpKsl1f4d5808;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys [?]
S1 MpKsl32cb310f;MpKsl32cb310f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys [?]
S1 MpKsl49200634;MpKsl49200634;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys [?]
S1 MpKsl73759412;MpKsl73759412;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys [?]
S1 MpKsl78c8f8dd;MpKsl78c8f8dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys [?]
S1 MpKslc2a76b69;MpKslc2a76b69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys [?]
S1 MpKslcdb74970;MpKslcdb74970;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys [?]
S1 MpKsleb66d3f1;MpKsleb66d3f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [12/26/2005 1:24 AM 6656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/16/2011 6:36 PM 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/18/2010 2:25 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFB5E70CB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\JkDefrag.job
- c:\windows\tasks\JkDefragTask.cmd [2009-01-13 02:30]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yor.net/coolman5
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &AOL Toolbar search
IE: &Clean Traces
IE: &Download with &DAP
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A}: NameServer = 156.154.70.22,156.154.71.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 20:40
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-16 20:43:52
ComboFix-quarantined-files.txt 2011-08-17 00:43
ComboFix2.txt 2011-08-16 14:08
.
Pre-Run: 46,529,298,432 bytes free
Post-Run: 46,521,511,936 bytes free
.
- - End Of File - - 4BE6799A18CB088F3F687BE5E79E0B81

#10 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2011 - 09:52 PM

How is the sluggishness? Any improvement?

You have Windows Defender running as a scheduled task.
To open Scheduled Tasks, click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks. Unschedule MpCmdRun.exe if you don't want it running.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
IE: &AOL Toolbar search -
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-7-28 112800] -

Reglock::
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Do you want Narrator running as a startup? http://www.bleepingc....exe-19786.html
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#11 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 03:21 AM

All right, I removed Windows Defender as a Scheduled task, and I opened notepad and copy and pasted the text in the quotebox. I saved as CFScript.txt and dragged it into ComboFix.exe. Here is the log:

ComboFix 11-08-16.05 - Craig 08/17/2011 4:50.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1532 [GMT -4:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Craig\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 08:40 . 2011-08-17 08:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2EE7FD2-AF72-4C3D-9E53-3BF24CC2DAED}\MpKsl276381d8.sys
2011-08-17 03:05 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2EE7FD2-AF72-4C3D-9E53-3BF24CC2DAED}\mpengine.dll
2011-08-17 00:18 . 2011-08-17 00:18 -------- d-----w- c:\documents and settings\Craig\Application Data\Apple Computer
2011-08-16 23:56 . 2011-08-16 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Windows Live
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Digital Line Detect
2011-08-16 23:32 . 2011-08-16 23:55 -------- d-----w- C:\32788R22FWJFW(2)
2011-08-16 22:36 . 2011-08-16 22:36 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
2011-08-16 22:36 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-16 22:22 . 2011-08-16 22:36 -------- d-----w- c:\program files\VS Revo Group
2011-08-14 22:06 . 2011-08-14 22:06 -------- d-----w- c:\documents and settings\Craig\Application Data\f-secure
2011-08-14 21:39 . 2011-08-14 21:39 388096 ----a-r- c:\documents and settings\Craig\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-14 21:39 . 2011-08-14 21:39 -------- d-----w- c:\program files\Trend Micro
2011-08-14 19:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 19:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 04:00 . 2011-08-03 11:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-11 04:00 . 2011-08-03 11:49 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-11 04:00 . 2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-11 04:00 . 2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-11 04:00 . 2011-08-03 11:49 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-11 03:59 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-10 01:52 . 2011-08-10 01:52 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 01:33 . 2011-08-10 03:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 01:33 . 2011-08-10 01:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-05 20:10 . 2011-08-05 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-07-30 01:10 . 2011-07-30 01:10 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\Sun
2011-07-29 13:18 . 2011-07-29 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-29 13:14 . 2011-07-29 13:13 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-07-28 16:12 . 2011-05-23 20:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:49 . 2011-05-09 15:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-05-09 15:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-05-09 15:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-05-09 15:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-04-08 02:15 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-07-29 13:13 . 2010-04-22 04:57 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2005-10-26 00:37 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:03 . 2011-07-08 14:03 669816 -c--a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 14:03 . 2011-07-08 14:03 519800 -c--a-w- c:\windows\system32\accesor.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 13:40 . 2011-07-08 13:40 140920 -c--a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 13:24 . 2011-07-08 13:24 2022520 -c--a-w- c:\windows\system32\ncscolib.dll
2011-06-30 08:38 . 2011-05-07 20:17 97504 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-05-03 00:36 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-05-03 00:36 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-05-03 00:36 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-05-03 00:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-28 07:12 . 2011-06-28 07:12 30368 -c--a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 19:00 . 2011-06-09 19:00 192000 -c--a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-07 15:55 . 2011-07-03 11:32 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-06-07 15:55 . 2011-02-20 21:18 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:10 . 2005-10-26 00:37 272584 -c--a-w- c:\windows\system32\Prounstl.exe
2009-01-07 22:29 . 2009-02-07 16:06 1447280 -c--a-w- c:\program files\mozilla firefox\plugins\XnpLegitCheckPlugin.dll
2011-08-16 15:42 . 2011-03-22 16:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-16_14.04.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 09:03 . 2011-08-17 09:03 16384 c:\windows\temp\Perflib_Perfdata_624.dat
+ 2006-01-19 16:00 . 2011-08-16 23:56 436360 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 15:31 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 16:33 438359 -c--a-w- c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 22:46 204288 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"RSVP"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 MpKsl276381d8;MpKsl276381d8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2EE7FD2-AF72-4C3D-9E53-3BF24CC2DAED}\MpKsl276381d8.sys [8/17/2011 4:40 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/8/2010 11:34 AM 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/28/2011 12:12 PM 112800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/10/2011 9:26 PM 2255464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl1f4d5808;MpKsl1f4d5808;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys [?]
S1 MpKsl32cb310f;MpKsl32cb310f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys [?]
S1 MpKsl49200634;MpKsl49200634;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys [?]
S1 MpKsl73759412;MpKsl73759412;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys [?]
S1 MpKsl78c8f8dd;MpKsl78c8f8dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys [?]
S1 MpKslc2a76b69;MpKslc2a76b69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys [?]
S1 MpKslcdb74970;MpKslcdb74970;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys [?]
S1 MpKsleb66d3f1;MpKsleb66d3f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [12/26/2005 1:24 AM 6656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/16/2011 6:36 PM 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/18/2010 2:25 PM 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\JkDefrag.job
- c:\windows\tasks\JkDefragTask.cmd [2009-01-13 02:30]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yor.net/coolman5
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Clean Traces
IE: &Download with &DAP
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A}: NameServer = 156.154.70.22,156.154.71.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 05:03
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default]
@DACL=(02 0000)
@=""
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(240)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2011-08-17 05:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 09:12
ComboFix2.txt 2011-08-17 00:43
ComboFix3.txt 2011-08-16 14:08
.
Pre-Run: 46,571,220,992 bytes free
Post-Run: 46,594,678,784 bytes free
.
- - End Of File - - A7662407187424AC3356E17EEE527E7D




And I do not want Narrator as a startup.

#12 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2011 - 11:23 AM

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
dRunOnce: [RunNarrator] Narrator.exe -
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File -
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File -

Reglock::
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default]
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#13 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 01:52 PM

Here is the log for Combofix.txt:

ComboFix 11-08-17.02 - Craig 08/17/2011 15:26:43.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1470 [GMT -4:00]
Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Craig\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 09:14 . 2011-08-17 09:14 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{082AD0E1-6C10-4880-82B9-811A7B47DA99}\MpKsl4d5f84b8.sys
2011-08-17 09:13 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{082AD0E1-6C10-4880-82B9-811A7B47DA99}\mpengine.dll
2011-08-17 00:18 . 2011-08-17 00:18 -------- d-----w- c:\documents and settings\Craig\Application Data\Apple Computer
2011-08-16 23:56 . 2011-08-16 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Windows Live
2011-08-16 23:55 . 2011-08-16 23:55 -------- d-----w- c:\program files\Digital Line Detect
2011-08-16 23:32 . 2011-08-16 23:55 -------- d-----w- C:\32788R22FWJFW(2)
2011-08-16 22:36 . 2011-08-16 22:36 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\VS Revo Group
2011-08-16 22:36 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-16 22:22 . 2011-08-16 22:36 -------- d-----w- c:\program files\VS Revo Group
2011-08-14 22:06 . 2011-08-14 22:06 -------- d-----w- c:\documents and settings\Craig\Application Data\f-secure
2011-08-14 21:39 . 2011-08-14 21:39 388096 ----a-r- c:\documents and settings\Craig\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-14 21:39 . 2011-08-14 21:39 -------- d-----w- c:\program files\Trend Micro
2011-08-14 19:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 19:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 04:00 . 2011-08-03 11:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-11 04:00 . 2011-08-03 11:49 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-11 04:00 . 2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-11 04:00 . 2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-11 04:00 . 2011-08-03 11:49 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-11 03:59 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-10 01:52 . 2011-08-10 01:52 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 01:33 . 2011-08-10 03:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 01:33 . 2011-08-10 01:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-05 20:10 . 2011-08-05 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-07-30 01:10 . 2011-07-30 01:10 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\Sun
2011-07-29 13:18 . 2011-07-29 13:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-29 13:14 . 2011-07-29 13:13 128000 -c--a-w- c:\windows\system32\javacpl.cpl
2011-07-28 16:12 . 2011-05-23 20:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:49 . 2011-05-09 15:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-05-09 15:37 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-05-09 15:37 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-05-09 15:37 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-04-08 02:15 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-07-29 13:13 . 2010-04-22 04:57 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2005-10-26 00:37 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:03 . 2011-07-08 14:03 669816 -c--a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 14:03 . 2011-07-08 14:03 519800 -c--a-w- c:\windows\system32\accesor.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 13:40 . 2011-07-08 13:40 140920 -c--a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 13:24 . 2011-07-08 13:24 2022520 -c--a-w- c:\windows\system32\ncscolib.dll
2011-06-30 08:38 . 2011-05-07 20:17 97504 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-05-03 00:36 29400 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-05-03 00:36 242600 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-05-03 00:36 17416 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-05-03 00:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-28 07:12 . 2011-06-28 07:12 30368 -c--a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 19:00 . 2011-06-09 19:00 192000 -c--a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-07 15:55 . 2011-07-03 11:32 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-06-07 15:55 . 2011-02-20 21:18 7074640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 15:10 . 2005-10-26 00:37 272584 -c--a-w- c:\windows\system32\Prounstl.exe
2009-01-07 22:29 . 2009-02-07 16:06 1447280 -c--a-w- c:\program files\mozilla firefox\plugins\XnpLegitCheckPlugin.dll
2011-08-16 15:42 . 2011-03-22 16:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-16_14.04.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 19:38 . 2011-08-17 19:38 16384 c:\windows\temp\Perflib_Perfdata_620.dat
+ 2006-01-19 16:00 . 2011-08-16 23:56 436360 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 15:31 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 16:33 438359 -c--a-w- c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 22:46 204288 -c--a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"RSVP"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 MpKsl4d5f84b8;MpKsl4d5f84b8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{082AD0E1-6C10-4880-82B9-811A7B47DA99}\MpKsl4d5f84b8.sys [8/17/2011 5:14 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/8/2010 11:34 AM 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/28/2011 12:12 PM 112800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/10/2011 9:26 PM 2255464]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl1f4d5808;MpKsl1f4d5808;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE36CBC4-B701-405D-9A06-E0187F8ABC02}\MpKsl1f4d5808.sys [?]
S1 MpKsl32cb310f;MpKsl32cb310f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl32cb310f.sys [?]
S1 MpKsl49200634;MpKsl49200634;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D449E7D-3EE9-4CE8-9DEC-7AF24B0C8F39}\MpKsl49200634.sys [?]
S1 MpKsl73759412;MpKsl73759412;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl73759412.sys [?]
S1 MpKsl78c8f8dd;MpKsl78c8f8dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3D56FA7-A5E9-46F8-B1A6-EA83C43CA9FB}\MpKsl78c8f8dd.sys [?]
S1 MpKslc2a76b69;MpKslc2a76b69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACE2942B-B9DE-47C4-B239-5F1AD9A6025D}\MpKslc2a76b69.sys [?]
S1 MpKslcdb74970;MpKslcdb74970;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B98224D8-755B-439A-AEE6-225FA19DE6A8}\MpKslcdb74970.sys [?]
S1 MpKsleb66d3f1;MpKsleb66d3f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2DCADE7-084A-4D55-A7FA-637DFAB0D093}\MpKsleb66d3f1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [12/26/2005 1:24 AM 6656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/16/2011 6:36 PM 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/18/2010 2:25 PM 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\JkDefrag.job
- c:\windows\tasks\JkDefragTask.cmd [2009-01-13 02:30]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yor.net/coolman5
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Clean Traces
IE: &Download with &DAP
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Download &all with DAP
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0AC6155-5D5F-4BCA-9EDA-EE258FE6A76A}: NameServer = 156.154.70.22,156.154.71.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4081360589-2644460034-3144785942-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2011-08-17 15:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 19:48
ComboFix2.txt 2011-08-17 09:12
ComboFix3.txt 2011-08-17 00:43
ComboFix4.txt 2011-08-16 14:08
.
Pre-Run: 46,582,853,632 bytes free
Post-Run: 46,583,910,400 bytes free
.
- - End Of File - - 86E173B944596653BA0111770B490A98

#14 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2011 - 02:11 PM

Please let me know if the PC is still sluggish. If so, is it sluggish all the time? Or only after you start browsing?

And are you still getting Windows Explorer error?
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#15 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 02:31 PM

It slows down considerably when I switch over to my brother's side. My side doesn't slow down as much. When I did go to disk cleanup, he has like a trillion KB of files, while my side hovers around 200,000 KB. He installs music, while I don't. I'm not getting any Windows Explorer errors for now. It could also be old remnants of Flash Player.

#16 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2011 - 05:17 PM

I don't understand what you mean by "my brother's side". Please explain..
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#17 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 07:22 PM

We both share the same computer with different accounts since it is a home computer. I have my account, and my younger brother has his.

#18 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2011 - 08:10 PM

Oh, I see. The other account is a little faster. Then for sure it is your software and not some hardware problem.

I'd like to take a different look.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your next replies.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#19 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 09:07 PM

Okay, here is the OTL.Txt:

OTL logfile created on: 8/17/2011 10:50:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.59% Memory free
4.85 Gb Paging File | 4.40 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.17 Gb Total Space | 43.33 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive E: | 132.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DHKL0Q81 | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Craig\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Intel® PROSet Monitoring Service) Intel® -- C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl4d5f84b8) -- File not found
DRV - (catchme) -- File not found
DRV - (MpKsl56f9382a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AD26AFF-C39B-43D3-9FE4-16D6DE4F92EA}\MpKsl56f9382a.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (LtcyCfgWDM) -- C:\WINDOWS\system32\drivers\LtcyCfgWDM.sys ()
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yor.net/coolman5
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 03:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/16 11:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 01:07:06 | 000,000,000 | ---D | M]

[2009/03/07 20:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Craig\Application Data\Mozilla\Extensions
[2009/03/07 20:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Craig\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/07/02 07:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\extensions
[2010/04/28 01:49:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/14 06:58:43 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\ba5j5nfw.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2011/07/29 09:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/16 11:42:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/29 09:14:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CRAIG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BA5J5NFW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/16 11:42:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/29 09:13:53 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/19 01:43:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/02/19 01:43:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/19 01:43:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/19 01:43:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/19 01:43:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/02/19 01:43:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/02/19 01:43:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/01/07 18:29:18 | 001,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\XnpLegitCheckPlugin.dll
[2011/03/22 12:01:08 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/07/24 09:37:54 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/03/22 12:01:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/07/24 09:37:54 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/03/22 12:01:08 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/03/22 12:01:08 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/03/22 12:01:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/03/22 12:01:08 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/08/17 15:39:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/11/14 15:56:01 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/11/14 15:56:01 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/11/14 15:56:01 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/11/14 15:56:01 | 000,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v5.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Value error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/14 07:12:08 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 22:41:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2011/08/17 15:37:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/16 20:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\Apple Computer
[2011/08/16 19:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/08/16 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/16 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2011/08/16 19:32:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2011/08/16 18:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\VS Revo Group
[2011/08/16 18:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/08/16 18:36:41 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/08/16 18:35:35 | 007,812,840 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Craig\Desktop\RevoUninProSetup.exe
[2011/08/16 18:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/08/16 09:51:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/16 09:51:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/16 09:51:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/16 09:51:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/16 09:50:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/16 09:50:04 | 004,175,495 | R--- | C] (Swearware) -- C:\Documents and Settings\Craig\Desktop\ComboFix.exe
[2011/08/14 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Application Data\f-secure
[2011/08/14 17:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Start Menu\Programs\HiJackThis
[2011/08/14 17:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/14 17:30:40 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Craig\Desktop\dds.scr
[2011/08/14 15:54:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/14 15:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/14 15:54:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/14 14:16:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Craig\Recent
[2011/08/11 00:00:06 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/08/11 00:00:03 | 013,892,200 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/08/11 00:00:03 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/08/11 00:00:01 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/08/10 23:59:08 | 016,191,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/08/10 23:59:08 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/08/10 23:59:08 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/08/10 23:59:07 | 012,542,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/08/10 23:59:07 | 005,427,200 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/08/10 23:59:07 | 004,210,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/08/10 23:59:07 | 004,210,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2011/08/10 23:59:07 | 002,404,864 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/08/10 23:58:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/08/10 21:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/08/10 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phyxion.net
[2011/08/10 21:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/08/09 21:52:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/08/09 21:33:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/09 21:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/08/05 16:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/29 21:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Craig\Local Settings\Application Data\Sun
[2011/07/29 09:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/29 09:14:14 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/07/29 09:14:14 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/07/29 09:14:14 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/07/29 09:14:14 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/28 12:12:18 | 000,112,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,136,991 | R--- | M] () -- C:\Documents and Settings\Craig\My Documents\IMG01930.JPG
[2011/08/17 22:41:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig\Desktop\OTL.exe
[2011/08/17 15:44:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/17 15:39:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/17 15:38:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 15:24:34 | 004,175,495 | R--- | M] (Swearware) -- C:\Documents and Settings\Craig\Desktop\ComboFix.exe
[2011/08/16 23:59:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\JkDefrag.job
[2011/08/16 23:03:36 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 18:36:04 | 007,812,840 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Craig\Desktop\RevoUninProSetup.exe
[2011/08/16 16:12:48 | 000,376,369 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\MiniToolBox.exe
[2011/08/14 17:44:39 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\SecurityCheck.exe
[2011/08/14 17:40:12 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\HiJackThis.lnk
[2011/08/14 17:39:28 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Craig\Desktop\HiJackThis.msi
[2011/08/14 17:30:44 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Craig\Desktop\dds.scr
[2011/08/13 02:20:40 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/13 01:53:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/08/10 23:59:56 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/10 23:59:55 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/10 23:59:49 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/10 21:24:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/08/10 10:09:57 | 000,498,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 10:09:57 | 000,087,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 05:02:30 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Craig\ntuser.bak
[2011/08/09 23:52:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/03 07:49:00 | 017,186,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/08/03 07:49:00 | 016,191,488 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/08/03 07:49:00 | 013,892,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/08/03 07:49:00 | 012,542,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/08/03 07:49:00 | 005,427,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/08/03 07:49:00 | 004,210,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/08/03 07:49:00 | 004,210,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2011/08/03 07:49:00 | 002,404,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/08/03 07:49:00 | 002,387,560 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/08/03 07:49:00 | 002,128,778 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/03 07:49:00 | 002,090,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/08/03 07:49:00 | 000,914,024 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/08/03 07:49:00 | 000,875,112 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/08/03 07:49:00 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyUpdatusAPIU.dll
[2011/08/03 07:49:00 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/08/03 07:49:00 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/08/03 07:49:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/08/03 07:49:00 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/08/03 07:49:00 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/07/29 09:13:51 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/07/29 09:13:51 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/07/29 09:13:51 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/07/29 09:13:51 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/29 09:13:50 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/28 13:43:17 | 001,475,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 04:56:26 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/16 16:12:39 | 000,376,369 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\MiniToolBox.exe
[2011/08/16 09:51:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/16 09:51:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/16 09:51:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/16 09:51:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/16 09:51:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/14 17:44:33 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\SecurityCheck.exe
[2011/08/14 17:39:53 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\HiJackThis.lnk
[2011/08/14 17:39:23 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Craig\Desktop\HiJackThis.msi
[2011/08/10 23:59:08 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/10 23:59:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/08/10 21:24:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/10 21:24:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/10 21:24:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/10 21:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/16 19:08:32 | 000,001,655 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/05/09 11:37:48 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/26 23:57:11 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/02/12 17:14:32 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/07/27 13:42:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/27 17:19:04 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/05/14 11:12:13 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
[2008/11/25 15:18:44 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2008/10/26 22:43:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/07 00:02:13 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/12/03 15:47:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/10/21 12:39:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/02 22:57:55 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/02 22:57:55 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\84F3C58521.sys
[2006/02/16 11:47:07 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/28 13:31:09 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\PFP120JPR.{PB
[2006/01/28 13:31:09 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Craig\Application Data\PFP120JCM.{PB
[2006/01/22 10:59:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Craig\Local Settings\Application Data\fusioncache.dat
[2005/12/26 01:24:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys
[2005/12/24 02:37:51 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/11/27 19:01:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/25 17:33:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/11/12 10:51:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/11 14:29:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 12:31:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/25 21:16:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/25 21:13:33 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/25 21:05:20 | 000,000,356 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/25 21:01:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/25 20:37:44 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/04 22:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 001,475,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,498,484 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,087,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/27 18:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/01/08 21:03:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2011/08/05 16:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/01/08 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/10/22 15:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/26 21:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/07/21 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/02/18 11:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/25 10:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/01/25 11:13:25 | 000,000,000 | ---D | M] -- C:\Documents and

#20 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 17 August 2011 - 09:09 PM

This is the Extras.Txt:

OTL Extras logfile created on: 8/17/2011 10:50:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Craig\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.59% Memory free
4.85 Gb Paging File | 4.40 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.17 Gb Total Space | 43.33 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive E: | 132.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DHKL0Q81 | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Verizon Yahoo! Music Jukebox -- (Yahoo!)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{25EF00C6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Consumer DSL 6.1
"{25EF00D1-F17B-11D6-88EA-000476CD2443}" =
"{25EF03FD-F17B-11D6-88EA-000476CD2443}" =
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{26B5AD79-EE99-4E17-93A6-AF215E3A81E9}" = VC90_CRT_x86
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E819828-BC8D-4177-BEBB-425FAFF89E6B}" = Microsoft XML Parser SDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}" = Media Go Video Playback Engine 1.64.107.02280
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AA1675E3-4D03-4808-BDF5-992619544D12}" = Intel® Network Connections 16.4.69.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudioPlugin.dll" =
"CCleaner" = CCleaner
"CopyNow.dll" =
"DataPlugin.dll" =
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Download Manager" = Download Manager 2.3.7
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Interactive Training" =
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Network MagicUninstall" = Network Magic
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"PCHealth" =
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Road Runner Install_is1" = Road Runner Install
"Road Runner Tech Install_is1" = RoadRunner Tech Install
"ScanDefrag" = ScanDefrag (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Verizon Online Help and Support" = Verizon Online Help and Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2011 4:39:34 AM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 8/17/2011 4:39:39 AM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 8/17/2011 5:03:15 AM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/17/2011 5:03:15 AM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 8/17/2011 5:03:19 AM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 8/17/2011 3:38:38 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/17/2011 3:38:38 PM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 8/17/2011 3:38:42 PM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

Error - 8/17/2011 4:43:07 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/17/2011 8:32:38 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 8/17/2011 9:22:20 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:36:56 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:37:40 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:37:40 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:45:11 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:45:11 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 9:45:11 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 10:14:16 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 10:41:23 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/17/2011 10:41:23 PM | Computer Name = DHKL0Q81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

[ Windows PowerShel Events ]
Error - 8/17/2011 4:39:34 AM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description =

Error - 8/17/2011 4:39:39 AM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description =

Error - 8/17/2011 5:03:15 AM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description =

Error - 8/17/2011 5:03:15 AM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description =

Error - 8/17/2011 5:03:19 AM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description =

Error - 8/17/2011 3:38:38 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description =

Error - 8/17/2011 3:38:38 PM | Computer Name = DHKL0Q81 | Source = VSS | ID = 8193
Description =

Error - 8/17/2011 3:38:42 PM | Computer Name = DHKL0Q81 | Source = PerfNet | ID = 2002
Description =

Error - 8/17/2011 4:43:07 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description =

Error - 8/17/2011 8:32:38 PM | Computer Name = DHKL0Q81 | Source = EventSystem | ID = 4609
Description =


< End of report >

#21 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2011 - 11:34 PM

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:
[box]:OTL
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Value error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
htmlfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:Files

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[PURITY]
[CREATERESTOREPOINT]
[/box]
Close other windows.
Then click 'Run Fix'.

Post the log OTL.TXT in your reply.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#22 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 18 August 2011 - 05:52 AM

Here is the log for OTL.TXT:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File File not found not found.
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Barry
->Temp folder emptied: 61 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9199512 bytes
->Flash cache emptied: 688 bytes

User: Craig
->Temp folder emptied: 1418 bytes
->Temporary Internet Files folder emptied: 83178 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 734997904 bytes
->Flash cache emptied: 101985 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lyner
->Temp folder emptied: 973773 bytes
->Temporary Internet Files folder emptied: 45931731 bytes
->Java cache emptied: 577429 bytes
->FireFox cache emptied: 537682756 bytes
->Flash cache emptied: 3298 bytes

User: NetworkService
->Temp folder emptied: 2302 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Zephyr
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1865 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,268.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Barry
->Flash cache emptied: 0 bytes

User: Craig
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: Lyner
->Flash cache emptied: 0 bytes

User: NetworkService

User: UpdatusUser

User: Zephyr
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.5 log created on 08182011_073140

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Barry\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5IZO1YV\cal=premium&cl_border=FFFFFF&cl_bg=FFFFFF&cl_title=0080C0&cl_text=0D3700&fn_title=Verdana&fn_text=Verdana&cb=808&required_text=overture&output=simplejs&callback=ch_ad_render_search not found!

Registry entries deleted on Reboot...

#23 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2011 - 09:42 AM

I think we have done about all we can. I am a bit worried about all those other accounts on the PC which may be using things that you are not.

If still sluggish, try disabling unnecessary startups. You can use StartupLite
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#24 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 18 August 2011 - 02:07 PM

All right. I'll try to soldier on through, until I can upgrade to Windows 7. The maximum amount of memory this computer can take is 2 Gigabytes, and this has 2 gigabytes already. The original came with 512 mb or 256 mb dual channeled. Eventually, when I do upgrade, I'll shoot for 8 Gigabytes. I have 2 questions. What programs should I disable for StartupLite? And as far as firewalls, is Online Armor better to go with than Comodo?

#25 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2011 - 03:34 PM

They are both good.

Try to have just one firewall, one antivirus, and one antispyware running in realtime mode. Two of the same type can interfere with one another and actually lessen your protection. For instance, don't run Malwarebytes Anti-Malware and Super AntiSpyware at the same time.

StartupLite only shows you ones you can safely disable or remove. You must decide based on your own convenience. If there is a program you run all the time you may want to keep it as a Startup rather than have to start it manually every time you reboot.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#26 CoolMan5

CoolMan5

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 18 August 2011 - 06:21 PM

That is good to know. Thanks a lot for your help. When I do get Windows 7, I will go for at least 8 Gigabytes. More memory, less slowdown. Do you have any other tips?

#27 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2011 - 07:14 PM

Be very careful about file sharing, and one P2P program is enough. Scan every file you download. Make a Restore Point at least once a week.

Time for cleanup.

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop.

Run OTL and click the 'CleanUp' button.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Chrome is another good option.
If you are interested, Firefox may be downloaded from here
Chrome is available here: http://www.google.co...e/features.html

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button