    #1 Member (Join Date: Jul 2010 | Posts: 47 | Points: 0)

    "file wuauclt.exe is infected" message, XXX pop-ups, and I can't run help software

    I have a computer that is infected and the virus/whatever it is blocks all of my help programs from running so I cannot post any logs. I notice you require people to run the list of help software and post logs, but I have tried to do that and can't...I hope you can help me anyway. All of the programs just shut down immediately after opening.

    I get a pop-up that says, "The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" every 10 seconds or so, and in addition when I try to open or install CCleaner, SuperAntiSpyware, HijackThis, or MalwareBytes a message pops up to say that those program files are infected. I also get pop-ups on the bottom right of the screen saying that my computer is infected and do I want to block such and such. Additionally, IE will open up by itself every so often with porn ads on it.

    That computer runs Windows XP.

    Thank you for your help. Please let me know if there is anything else you need to know.

    #2 Spyware Fighter schrauber (Join Date: Jun 2010 | Location: Germany | Posts: 175 | Points: 6)

    Hello, cyndyinohio,
    Welcome to the Help2Go Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

    Please take note of some guidelines for this fix:
    • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.
    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.
    Regards,

    schrauber
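    Added example (not part of the original thread, and not OldTimer's or schrauber's code): the OTL quick scan Tom asks for produces line-oriented text, and the first thing a helper does with it is look for a process with no version information running out of a user-profile data directory, an autostart for that same file under both the HKLM and HKCU Run keys, and Internet Explorer proxy settings pointed at the loopback address. The Python below parses the PRC/SRV, O4 Run and IE proxy line types and flags exactly those conditions. The sample lines are copied from the log cyndyinohio posts further down this thread (plus one benign SRV line); the regular expressions and the list of "suspicious" directories are assumptions drawn from this thread's log, not a specification of OTL's output format.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Directories under which a legitimately installed program rarely runs but
# where rogue-AV droppers of this era routinely unpack themselves.
# (Assumption for this example, matched case-insensitively.)
SUSPICIOUS_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# OTL line shapes as seen in this thread's log (assumed, not an official grammar):
#   PRC - [stamp] (Company) -- path
#   SRV - [stamp] (Company) [Start | State] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?$"
)
#   O4 - HKLM..\Run: [ValueName] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKCU)\\.*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<value>.+)$'
)

# Constructed sample: lines taken from the OTL.txt posted in this thread, plus one clean SRV line.
SAMPLE_LOG = r"""
PRC - [2010/07/01 22:55:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BIldad\Desktop\OTL.exe
PRC - [2010/06/28 17:43:41 | 000,286,464 | ---- | M] () -- C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe
PRC - [2010/06/27 19:00:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
SRV - [2009/05/08 19:20:34 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [wmgunjsl] C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe ()
O4 - HKCU..\Run: [wmgunjsl] C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe ()
"""


@dataclass(frozen=True)
class Finding:
    item: str    # the log line (or value name) that triggered the finding
    reason: str  # why a helper should look at it


def in_suspicious_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def triage(log_text: str) -> list[Finding]:
    """Return the entries in an OTL quick-scan log that match the rogue-AV pattern."""
    findings: list[Finding] = []
    run_hives: dict[str, set[str]] = defaultdict(set)   # autostart value name -> hives it appears in
    proxy: dict[str, dict[str, str]] = defaultdict(dict)  # hive -> {ProxyEnable/ProxyServer: value}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            # A running process with an empty company field and a user-profile data path.
            if m["kind"] == "PRC" and not m["company"].strip() and in_suspicious_dir(m["path"]):
                findings.append(Finding(line, "running process with no version info, loaded from a user-profile data directory"))
            continue
        m = RUN_RE.match(line)
        if m:
            run_hives[m["name"].lower()].add(m["hive"])
            if not m["company"].strip() or in_suspicious_dir(m["path"]):
                findings.append(Finding(line, f"{m['hive']} Run autostart with no version info or living in a user-profile directory"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m["hive"]][m["key"]] = m["value"].strip()

    # The same value name registered in both hives is a persistence habit of this malware family.
    for name, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(Finding(name, "same autostart name registered in both HKLM and HKCU Run"))

    # An enabled proxy that points back at the machine itself means IE traffic is being intercepted locally.
    for hive, settings in proxy.items():
        server = settings.get("ProxyServer", "")
        if settings.get("ProxyEnable") == "1" and ("127.0.0.1" in server or "localhost" in server.lower()):
            findings.append(Finding(server, f"{hive} proxy enabled and pointed at the loopback interface"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.item}")
```

    Run against the thread's own log the script reports five items: the ouilbjatssd.exe process, its two Run entries, the duplicated wmgunjsl value name, and the http=127.0.0.1:5577 proxy. ProxyServer set to the loopback address with ProxyEnable=1 means every IE request is routed through a listener on the infected machine itself; nothing else in this log accounts for such a listener, so it belongs on the list of things to undo along with the autostart entries.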



    #3 Member (Join Date: Jul 2010 | Posts: 47 | Points: 0)

    I set my system to show all files and saved OTL to my desktop. When I double click on the icon, however, I get the same result as with the other programs...a message pops up on the bottom right and says that the application cannot be executed because the file otl.exe is infected. If the OTL screen comes up at all (it usually doesn't) it is only for a split second before it disappears.

    #4 Member (Join Date: Jul 2010 | Posts: 47 | Points: 0)

    I started my computer today and saw that the pop-ups did not start right away, so I thought I'd try to open OTL to see if it could open before the pop-ups started and it did! So, I was able to paste in the text and do a quick scan. I will post the results...may have to put the Extras.txt in another reply since they are long. I will attempt to download GMER and follow those steps another day since it is so late already. I will post again when I am able to do that.

    OTL.TXT:
    OTL logfile created on: 7/2/2010 11:55:59 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\BIldad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.72 Gb Total Space | 0.93 Gb Free Space | 1.30% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 43.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SETH
    Current User Name: BIldad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/01 22:55:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BIldad\Desktop\OTL.exe
    PRC - [2010/06/28 17:43:41 | 000,286,464 | ---- | M] () -- C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe
    PRC - [2010/06/27 19:00:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/08 19:20:34 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    PRC - [2009/01/14 17:50:20 | 000,491,520 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.exe
    PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/03/03 12:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    PRC - [2005/11/16 06:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    PRC - [2004/02/06 23:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/01 22:55:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BIldad\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
    SRV - [2009/10/12 20:19:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/05/08 19:20:34 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
    SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
    DRV - [2009/05/05 17:46:08 | 000,014,464 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/05/05 17:46:08 | 000,013,440 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\UBHelper.sys -- (UBHelper)
    DRV - [2009/01/05 14:54:56 | 000,500,736 | ---- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.sys -- (ZD1211BU(TP-LINK)) TP-LINK Wireless USB Adapter Driver(TP-LINK)
    DRV - [2009/01/05 14:54:56 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\adfs.sys -- (adfs)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)
    DRV - [2005/01/21 20:02:00 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
    DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2004/11/16 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/11/16 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/11/16 01:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/11/16 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/11/16 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/11/16 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/11/16 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/11/16 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/11/16 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/06 11:39:14 | 000,283,904 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\A5AGU.sys -- (A5AGU)
    DRV - [2004/10/04 07:28:38 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Athfmwdl.sys -- (ATHFMWDL)
    DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
    DRV - [2004/07/27 12:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
    DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/05/19 23:39:38 | 000,046,880 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
    DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Icam3.sys -- (ICAM3NT5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Laptops, Desktop Computers, Monitors, Printers & PC Accessories | Dell
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/\r"
    FF - prefs.js..extensions.enabledItems: es-MX@dictionaries.addons.mozilla.org:1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.1.3
    FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.5.6.0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 23:55:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 23:55:33 | 000,000,000 | ---D | M]

    [2009/07/28 22:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Extensions
    [2009/07/28 22:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/28 17:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions
    [2009/08/18 21:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/12 23:55:16 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    [2009/11/07 09:31:20 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
    [2009/10/20 23:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\es-MX@dictionaries.addons.mozilla.org
    [2009/09/01 12:24:10 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\searchplugins\conduit.xml
    [2010/06/30 00:08:59 | 000,005,227 | ---- | M] () -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\searchplugins\linkedin.xml
    [2010/06/30 00:09:05 | 000,005,242 | ---- | M] () -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\searchplugins\linkedinjobs.xml
    [2007/06/03 19:27:35 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\searchplugins\siteadvisor.xml
    [2010/06/28 15:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/18 14:56:46 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2009/06/30 16:39:33 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {119DBEDA-9C41-4F97-94B4-B6BCD01133CF} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [wmgunjsl] C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe ()
    O4 - HKLM..\Run: [ZDWlan.EXE] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE (TP-LINK TECHNOLOGIES CO., LTD.)
    O4 - HKCU..\Run: [wmgunjsl] C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = C2 FF FF 03 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab (FixController Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1188059793234 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1199246954921 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\BIldad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\BIldad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/03/15 21:11:00 | 002,049,015 | R--- | M] (D-Link Systems, Inc. ) - E:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2005/03/15 21:11:00 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/01/21 19:24:10 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/01 22:55:37 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BIldad\Desktop\OTL.exe
    [2010/07/01 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/01 00:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BIldad\Application Data\Malwarebytes
    [2010/06/30 23:56:43 | 000,000,000 | ---D | C] -- C:\0a1dd7293d86ba18355d4c
    [2010/06/30 23:56:36 | 000,000,000 | ---D | C] -- C:\10c4d8afcea0b08852
    [2010/06/30 23:55:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/30 23:55:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/30 23:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/30 23:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/30 23:54:45 | 000,000,000 | ---D | C] -- C:\f81b729f7c9711996a
    [2010/06/30 23:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/06/28 17:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BIldad\Local Settings\Application Data\ulfowpmhg
    [2010/06/27 19:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BIldad\Desktop\games
    [2010/06/23 08:22:58 | 000,000,000 | ---D | C] -- C:\10805d867a5b54e7ea
    [2010/04/21 16:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BIldad\.ProMPIX
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/02 23:51:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/02 23:51:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/07/02 23:51:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/07/02 23:51:33 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/01 23:53:24 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\BIldad\ntuser.dat
    [2010/07/01 23:53:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BIldad\NTUSER.INI
    [2010/07/01 23:25:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2517263868-2245250164-1559680526-1006UA.job
    [2010/07/01 22:55:43 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BIldad\Desktop\OTL.exe
    [2010/06/30 23:55:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/30 23:53:58 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\BIldad\Desktop\CCleaner.lnk
    [2010/06/29 22:25:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2517263868-2245250164-1559680526-1006Core.job
    [2010/06/26 23:58:13 | 000,002,873 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
    [2010/06/26 23:58:13 | 000,001,024 | ---- | M] () -- C:\WINDOWS\WIN.INI
    [2010/06/26 23:58:13 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
    [2010/06/25 18:30:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CN2PF61-BIldad).job
    [2010/06/25 18:30:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (CN2PF61-BIldad).job
    [2010/06/24 22:34:42 | 000,524,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 22:34:42 | 000,442,680 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/24 22:34:42 | 000,071,946 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/16 22:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/16 17:31:47 | 000,522,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArmagetronAdvancedDebugRecording.aarec
    [2010/06/09 23:57:01 | 002,013,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/09 22:22:47 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/05 17:14:38 | 001,577,766 | -H-- | M] () -- C:\Documents and Settings\BIldad\Local Settings\Application Data\IconCache.db
    [2010/05/05 08:58:01 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 09:58:47 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\BIldad\Desktop\Microsoft Word.lnk
    [2010/04/21 16:14:13 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\BIldad\Desktop\mpixpro ROES.lnk
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/30 23:55:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/30 23:53:58 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\BIldad\Desktop\CCleaner.lnk
    [2010/06/16 17:26:54 | 000,522,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArmagetronAdvancedDebugRecording.aarec
    [2010/04/21 16:14:13 | 000,001,882 | ---- | C] () -- C:\Documents and Settings\BIldad\Desktop\mpixpro ROES.lnk
    [2009/12/13 17:37:42 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
    [2009/12/08 11:57:08 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2009/11/17 13:02:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Edmark.ini
    [2009/10/19 16:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
    [2009/10/08 13:07:29 | 000,000,081 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/09/05 18:01:34 | 000,000,797 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2009/08/13 16:53:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2009/08/13 16:53:23 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2007/10/14 23:02:13 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2007/04/02 10:18:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/03/25 17:37:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2007/03/25 17:36:47 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2006/09/24 10:34:21 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
    [2006/09/24 10:34:04 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
    [2006/09/24 10:33:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2006/09/24 10:31:32 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2006/09/24 10:30:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/09/24 10:29:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2006/07/24 23:06:11 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/07/24 23:06:11 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/07/24 23:06:11 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/06/30 09:50:09 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
    [2006/06/30 09:50:07 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
    [2006/06/30 09:50:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mpegdecoder.dll
    [2006/06/30 09:50:07 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
    [2006/06/30 09:50:06 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
    [2006/06/30 09:50:04 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2006/06/30 09:50:04 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2006/06/30 09:50:04 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/06/30 09:50:04 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2006/06/30 09:50:04 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
    [2006/06/30 09:50:03 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
    [2006/06/30 09:50:02 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
    [2006/06/30 09:49:55 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
    [2006/06/30 09:49:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/06/30 09:49:48 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
    [2006/06/30 09:49:48 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2006/06/30 09:49:46 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2006/06/30 09:49:38 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
    [2006/06/30 09:49:37 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
    [2006/06/30 09:49:37 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
    [2006/06/30 09:49:35 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2006/06/30 09:49:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
    [2006/06/30 09:49:33 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
    [2006/06/30 09:49:33 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2006/06/30 09:49:26 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
    [2006/06/30 09:49:26 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
    [2006/06/30 09:49:22 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/06/30 09:49:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
    [2006/06/19 09:57:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/02/06 17:56:35 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\VSCRDD32.DLL
    [2005/02/06 17:56:34 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\esafedrv.dll
    [2005/02/06 17:56:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\npen32.dll
    [2005/02/06 17:56:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\enph.dll
    [2005/02/06 17:56:34 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\em32.dll
    [2005/01/30 18:46:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2005/01/30 18:09:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/30 14:37:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/01/21 20:05:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/01/21 19:58:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/01/21 19:27:02 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
    [1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2009/08/01 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
    [2009/10/12 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2008/12/24 00:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
    [2007/11/23 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/04/06 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2008/12/24 00:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/18 22:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/22 10:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2008/02/26 23:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\acccore
    [2009/08/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Armagetron
    [2008/09/14 14:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/26 23:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Dropbox
    [2009/11/18 14:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\E-centives
    [2010/04/06 14:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Facebook
    [2009/09/21 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\HDRsoft
    [2007/12/15 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Image Zone Express
    [2009/12/05 21:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Inkscape
    [2005/01/30 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Leadertech
    [2008/09/03 22:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\National Instruments
    [2007/12/15 18:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Printer Info Cache
    [2009/07/28 22:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BIldad\Application Data\Thunderbird

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
    [2009/06/30 13:44:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
    [2009/06/30 13:44:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
    [2009/06/30 13:44:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
    [2009/06/30 13:44:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
    < End of report >

  5. #5
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    Below is part of the extras.txt...it would not let me put it into one reply because of too many images. I'll put the 2nd part in a separate reply.

    OTL Extras logfile created on: 7/2/2010 11:55:59 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\BIldad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.72 Gb Total Space | 0.93 Gb Free Space | 1.30% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 43.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SETH
    Current User Name: BIldad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
    "10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

  6. #6
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    Extras.txt, part 2 (will need to separate it more as it won't let me put it all here):

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- File not found
    "C:\Documents and Settings\April\Desktop\utorrent.exe" = C:\Documents and Settings\April\Desktop\utorrent.exe:*:Disabled:µTorrent -- File not found
    "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II -- File not found
    "C:\Program Files\Common Files\AOL\1150725572\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1150725572\ee\aim6.exe:*:Disabled:AIM -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
    "C:\Program Files\Common Files\AOL\1150725572\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1150725572\ee\aolsoftware.exe:*:Disabled:AOL Services -- File not found
    "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares -- File not found

  7. #7
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    Extras.txt, part 3:

    "C:\Program Files\Steam\SteamApps\xanadune\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\xanadune\counter-strike\hl.exe:*:Disabled:Half-Life Launcher -- File not found
    "C:\Program Files\Steam\SteamApps\xanadune\condition zero deleted scenes\hl.exe" = C:\Program Files\Steam\SteamApps\xanadune\condition zero deleted scenes\hl.exe:*:Disabled:Half-Life Launcher -- File not found
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent -- File not found
    "C:\Dynamix\Tribes2\GameData\tribes2.exe" = C:\Dynamix\Tribes2\GameData\tribes2.exe:*:Disabled:Tribes2 Launcher -- File not found
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Documents and Settings\BIldad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\BIldad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\BIldad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\BIldad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Documents and Settings\BIldad\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\BIldad\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Program Files\BZFlag2.0.14\bzflag.exe" = C:\Program Files\BZFlag2.0.14\bzflag.exe:*:Enabled:bzflag -- File not found
    "C:\Program Files\BZFlag2.0.14\bzfs.exe" = C:\Program Files\BZFlag2.0.14\bzfs.exe:*:Disabled:bzfs -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
    "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{300EBE97-0E16-4bf4-B2DD-CEDA6CB46C9C}" = 2400_2500Help
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3B4FF449-09F0-4dcc-8822-3D7BB7F5FED1}" = 2400
    "{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
    "{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5C2EBBF9-B81F-47b7-9136-EE70E6740C2A}" = 2400_2500trb
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
    "{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{9112E78D-4A03-48df-9B68-786E6479CF41}" = 23_24_2500Tour
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9DFC9A77-86B4-4139-A4CF-A5E774422D28}" = OLYMPUS USB Reader/Writer
    "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
    "{AC76BA86-7AD7-EF45-47A7-7E8A45000002}" = Adobe Reader Multimedia Package
    "{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B468AE7B-C667-4073-BED8-EAD17D5EE08C}" = TL-WN321G Wireless Utility
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1EB6825-9339-4B18-99B0-C455B2288FF9}" = TP-LINK Wireless Client Utility
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
    "{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
    "{E0267007-A6FD-4304-8131-346D1CEA6F82}" = BigOven
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
    "{FFF5DEE7-8107-436B-9726-7573458FE6AE}" = ACE Mega CoDecS Pack
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Belarc Advisor 2.0" = Belarc Advisor 7.2
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Photo & Imaging" = HP Image Zone 5.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Inkscape" = Inkscape 0.46
    "InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
    "InstallShield_{9DFC9A77-86B4-4139-A4CF-A5E774422D28}" = OLYMPUS USB Reader/Writer
    "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Millie's Math House" = Millie's Math House (Remove only)
    "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa 3" = Picasa 3
    "Portalİ GT-D for Windows" = Portalİ GT-D for Windows
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Quarter Mile Math Levels 1-2" = Quarter Mile Math Levels 1-2
    "RealPlayer 6.0" = RealPlayer Basic
    "Shop for HP Supplies" = Shop for HP Supplies
    "Swag_Bucks Toolbar" = Swag_Bucks Toolbar
    "Thinkin' Things 1" = Thinkin' Things 1 (Remove only)
    "Thinkin' Things 2" = Edmark - Thinkin' Things 2
    "Thinkin' Things 3" = Thinkin' Things 3 (Remove only)
    "Tweak UI 2.10" = Tweak UI
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In
    "mpixpro ROES" = mpixpro ROES
    "Nations Photo Lab ROES Easy" = Nations Photo Lab ROES Easy

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/26/2010 3:25:14 PM | Computer Name = SETH | Source = Google Update | ID = 20
    Description =

    Error - 6/26/2010 4:25:14 PM | Computer Name = SETH | Source = Google Update | ID = 20
    Description =

    Error - 6/26/2010 5:25:14 PM | Computer Name = SETH | Source = Google Update | ID = 20
    Description =

    Error - 6/26/2010 10:55:22 PM | Computer Name = SETH | Source = MsiInstaller | ID = 11402
    Description = Product: Microsoft Office XP Standard for Students and Teachers --
    Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
    Verify that you have sufficient permissions to access the registry or contact
    Microsoft Product Support Services (PSS) for assistance. For information about how
    to contact PSS, see C:\Program Files\Microsoft Office\Office10\1033\PSS10R.CHM.

    Error - 6/26/2010 10:55:42 PM | Computer Name = SETH | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office XP Standard for Students and Teachers -
    Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code
    1603. Windows Installer can create logs to help troubleshoot issues with installing
    software packages. Use the following link for instructions on turning on logging
    support: How to enable Windows Installer logging

    Error - 6/27/2010 5:11:37 PM | Computer Name = SETH | Source = MsiInstaller | ID = 11402
    Description = Product: Microsoft Office XP Standard for Students and Teachers --
    Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
    Verify that you have sufficient permissions to access the registry or contact
    Microsoft Product Support Services (PSS) for assistance. For information about how
    to contact PSS, see C:\Program Files\Microsoft Office\Office10\1033\PSS10R.CHM.

    Error - 6/27/2010 5:11:50 PM | Computer Name = SETH | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office XP Standard for Students and Teachers -
    Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code
    1603. Windows Installer can create logs to help troubleshoot issues with installing
    software packages. Use the following link for instructions on turning on logging
    support: How to enable Windows Installer logging

    Error - 6/27/2010 10:01:41 PM | Computer Name = SETH | Source = MsiInstaller | ID = 11402
    Description = Product: Microsoft Office XP Standard for Students and Teachers --
    Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
    Verify that you have sufficient permissions to access the registry or contact
    Microsoft Product Support Services (PSS) for assistance. For information about how
    to contact PSS, see C:\Program Files\Microsoft Office\Office10\1033\PSS10R.CHM.

    Error - 6/27/2010 10:01:54 PM | Computer Name = SETH | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office XP Standard for Students and Teachers -
    Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code
    1603. Windows Installer can create logs to help troubleshoot issues with installing
    software packages. Use the following link for instructions on turning on logging
    support: How to enable Windows Installer logging

    Error - 7/2/2010 11:56:08 PM | Computer Name = SETH | Source = MsiInstaller | ID = 11719
    Description = Product: Microsoft Office XP Standard for Students and Teachers --
    Error 1719. The Windows Installer Service could not be accessed. This can occur
    if you are running Windows in safe mode, or if the Windows Installer is not correctly
    installed. Contact your support personnel for assistance.

    [ System Events ]
    Error - 6/27/2010 10:38:47 PM | Computer Name = SETH | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{692DFE4B-A71C-4117-9DA8-9B0DFA0E910B}
    because another computer on the network has the same name. The server could not
    start.

    Error - 6/27/2010 10:41:44 PM | Computer Name = SETH | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 002586E871E2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/28/2010 12:11:38 AM | Computer Name = SETH | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{692DFE4B-A71C-4117-9DA8-9B0DFA0E910B}. The
    backup browser is stopping.

    Error - 6/28/2010 11:47:44 AM | Computer Name = SETH | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{1131312B-0B21-4DB2-92F1-E64D16491334}. The
    backup browser is stopping.

    Error - 6/28/2010 10:02:31 PM | Computer Name = SETH | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Office XP Service Pack 3.

    Error - 6/29/2010 10:02:37 PM | Computer Name = SETH | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Office XP Service Pack 3.

    Error - 6/30/2010 11:46:35 PM | Computer Name = SETH | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Office XP Service Pack 3.

    Error - 7/1/2010 3:12:21 PM | Computer Name = SETH | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
    share name Printer.

    Error - 7/1/2010 10:53:33 PM | Computer Name = SETH | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Office XP Service Pack 3.

    Error - 7/2/2010 11:56:39 PM | Computer Name = SETH | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Office XP Service Pack 3.


    < End of report >

  8. #8
    Member Spyware Fighter schrauber's Avatar
    Join Date
    Jun 2010
    Location
    Germany
    Posts
    175
    Points
    6

    Default

    Hi,

    Please go here and have a look at how you can disable your security software.

    Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

    Link 1
    Link 2



    --------------------------------------------------------------------

    Double click on the renamed Combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    If you need help, see this link:
    A guide and tutorial on using ComboFix
    regards

    schrauber



  9. #9
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default Combofix txt

    ComboFix 10-07-06.05 - BIldad 07/07/2010 17:27:47.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.705 [GMT -4:00]
    Running from: c:\documents and settings\BIldad\Desktop\schrauber.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\BIldad\Local Settings\Application Data\ulfowpmhg
    c:\documents and settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFPANSI
    -------\Service_AFPAnsi


    ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
    .

    2010-07-01 04:19 . 2010-07-01 04:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-01 04:16 . 2010-07-01 04:16 -------- d-----w- c:\documents and settings\BIldad\Application Data\Malwarebytes
    2010-07-01 03:56 . 2010-07-01 03:56 -------- d-----w- C:\0a1dd7293d86ba18355d4c
    2010-07-01 03:56 . 2010-07-01 03:56 -------- d-----w- C:\10c4d8afcea0b08852
    2010-07-01 03:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-01 03:55 . 2010-07-01 03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-01 03:55 . 2010-07-01 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-01 03:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-01 03:54 . 2010-07-01 03:54 -------- d-----w- C:\f81b729f7c9711996a
    2010-07-01 03:53 . 2010-07-01 03:53 -------- d-----w- c:\program files\CCleaner
    2010-06-23 12:22 . 2010-06-23 12:23 -------- d-----w- C:\10805d867a5b54e7ea
    2010-06-09 16:56 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-29 03:40 . 2009-07-30 00:01 -------- d-----w- c:\program files\Coupons
    2010-06-27 03:44 . 2010-03-27 20:39 -------- d-----w- c:\documents and settings\BIldad\Application Data\Dropbox
    2010-06-23 11:51 . 2009-11-04 23:34 -------- d-----w- c:\program files\Safari
    2010-06-23 11:47 . 2009-12-06 19:33 -------- d-----w- c:\program files\Liquid War
    2010-06-23 11:45 . 2009-11-07 13:16 -------- d-----w- c:\program files\Swag_Bucks
    2010-06-23 02:46 . 2009-07-29 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-06-23 01:22 . 2009-07-29 02:53 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 3
    2010-06-23 01:20 . 2009-07-28 20:10 -------- d-----w- c:\program files\JellyCar
    2010-06-23 01:15 . 2009-08-05 15:12 -------- d-----w- c:\program files\2009 QB Bible Bee
    2010-05-06 10:41 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-03-23 2349080]

    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    2010-03-23 19:48 2349080 ----a-w- c:\program files\Swag_Bucks\tbSwa1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-03-23 2349080]

    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-03-23 2349080]

    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\BIldad\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\BIldad\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\BIldad\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "ZDWlan.EXE"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-12-13 622592]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^BIldad^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\BIldad\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2004-10-14 15:17 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
    2009-05-08 23:20 552192 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
    2004-10-27 21:07 987136 ----a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-10-12 22:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-29 02:48 133104 ----atw- c:\documents and settings\BIldad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-12-22 13:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-08-04 22:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 13:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 13:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 13:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2003-03-25 10:49 53248 ----a-r- c:\windows\SYSTEM32\MMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
    2003-03-25 10:49 57344 ----a-r- c:\windows\SYSTEM32\MMTray2k.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
    2003-03-25 10:49 53248 ----a-r- c:\windows\SYSTEM32\MMTrayLSI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-08-12 20:16 1121792 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2003-11-19 23:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
    2003-03-25 10:49 106544 ----a-r- c:\windows\SYSTEM32\tweakui.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 07:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NetSvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "IDriverT"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\BIldad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\BIldad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Documents and Settings\\BIldad\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:*isabled:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:*isabled:SingleClick ICC
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
    R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [5/8/2009 7:20 PM 45312]
    R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\SYSTEM32\DRIVERS\ZD1211BU.sys [8/13/2009 4:53 PM 500736]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\SYSTEM32\DRIVERS\A5AGU.sys [10/6/2004 11:39 AM 283904]
    S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\SYSTEM32\DRIVERS\Athfmwdl.sys [10/4/2004 7:28 AM 43392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517263868-2245250164-1559680526-1006Core.job
    - c:\documents and settings\BIldad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-29 02:48]

    2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517263868-2245250164-1559680526-1006UA.job
    - c:\documents and settings\BIldad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-29 02:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    FF - ProfilePath - c:\documents and settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/\r
    FF - component: c:\documents and settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\BIldad\Application Data\Mozilla\Firefox\Profiles\0bmpakgt.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\BIldad\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\BIldad\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\BIldad\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\BIldad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-wmgunjsl - c:\documents and settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe
    HKLM-Run-wmgunjsl - c:\documents and settings\BIldad\Local Settings\Application Data\ulfowpmhg\ouilbjatssd.exe
    MSConfigStartUp-DXDllRegExe - dxdllreg.exe
    MSConfigStartUp-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe
    AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-07 17:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2836)
    c:\windows\system32\WININET.dll
    c:\documents and settings\BIldad\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\windows\system32\fxssvc.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-07 17:55:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-07 21:55

    Pre-Run: 1,346,867,200 bytes free
    Post-Run: 2,279,600,128 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - F51DC91F3A69C9945AFCA373CC402945

  10. #10
    Member (Join Date: Jul 2010; Posts: 47; Points: 0)

    I thought I should post that I downloaded Microsoft Security Essentials and updated it, but did not run it...sorry if I was not supposed to do that.

    Also, I have not seen any pop-ups whatsoever since doing the ComboFix scan.
