Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

multiple iexplore.exe spawned on startup

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 12th, 2010, 10:49 am

Good day.

I have a problem with iexplore.exe. Multiple instances of iexplore.exe are executed on start-up. When I try to terminate the process in Task Manager, an error that "an unhandled win32 exception occurred in Windows defender.exe" appears and iexplore.exe is executed again.

There is no adware or pop-ups or degradation of speed and the memory usage of iexplore.exe is around 7,500 K per instance. The memory usage just hovers around this figure increasing or decreasing by a few K bytes only.

Anti-Virus programs don't detect a malware. I use Symantec Anti-Virus.

Thank you.


----------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:19 PM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\windows\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\windows\system32\TDispVol.exe
C:\windows\system32\TPSMain.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\windows\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\xampp\apache\bin\httpd.exe
C:\xampp\mysql\bin\mysqld.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Downloads\Mozilla\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HKLM] C:\windows\install\Windows defender.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [HKCU] C:\windows\install\Windows defender.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\windows\install\Windows defender.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\install\Windows defender.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8785187812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12055 bytes
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am
Advertisement
Register to Remove

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 15th, 2010, 9:17 am

Hi xqsmeqt31416,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\windows\install\Windows defender.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 15th, 2010, 8:46 pm

From HijackThis (uninstall list)
----------------------------------
32 Bit HP CIO Components Installer
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Crystal Reports Basic for Visual Studio 2008
DVD-RAM Driver
Garmin Training Center
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB973674)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet Ink Advant K109a-z Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Photosmart Essential
HP Print Projects 1.0
HP PSC & OfficeJet 6.1.A
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 20
K-Lite Codec Pack 3.9.0 Full
LiveUpdate 3.1 (Symantec Corporation)
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Team System 2008 Team Suite - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIWA
mLogView
mMHouse
Mountain Bike Action - August 2010
Mountain Bike Action - August 2010
Mountain Bike Action - July 2010
Mountain Bike Action - July 2010
Mountain Bike Action - June 2010
Mountain Bike Action - June 2010
Mozilla Firefox (3.5.10)
mPfMgr
mPfWiz
mProSafe
MSVC80_x86_v2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
mZConfig
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Palm Desktop by ACCESS
Palm Outlook Conduits Updater
PC Connectivity Solution
QuickTime
Realtek High Definition Audio Driver
Samsung Auto Backup
SD Secure Module
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Smart Bro
Sonic DLA
Sonic RecordNow!
Symantec AntiVirus
Texas Instruments PCIxx21/x515/xx12 drivers.
TextPad 4.7
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hardware Setup
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TouchPad On/Off Utility
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WOT for Internet Explorer
Zinio Reader


===========================================

From Virustotal for C:\windows\install\Windows defender.exe
----------------------------------
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan-Dropper.Small!IK
AhnLab-V3 2010.07.16.00 2010.07.15 -
AntiVir 8.2.4.12 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.15 Win32:Malware-gen
AVG 9.0.0.836 2010.07.15 Dropper.Small.EBQ
BitDefender 7.2 2010.07.16 -
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5441 2010.07.16 -
DrWeb 5.0.2.03300 2010.07.16 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 -
F-Prot 4.6.1.107 2010.07.15 -
F-Secure 9.0.15370.0 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.16 Win32:Malware-gen
Ikarus T3.1.1.84.0 2010.07.15 Trojan-Dropper.Small
Jiangmin 13.0.900 2010.07.15 Trojan/Agent.eazw
Kaspersky 7.0.0.125 2010.07.16 -
McAfee 5.400.0.1158 2010.07.16 -
McAfee-GW-Edition 2010.1 2010.07.15 Heuristic.LooksLike.Trojan.Dropper.I
Microsoft 1.5902 2010.07.15 -
NOD32 5282 2010.07.15 probably a variant of MSIL/Autorun.Injector.D
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 -
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.16 -
Prevx 3.0 2010.07.16 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.16 -
Sunbelt 6590 2010.07.16 -
SUPERAntiSpyware 4.40.0.1006 2010.07.16 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.16 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.15 -
Additional information
File size: 685568 bytes
MD5...: ff7c003786fce986640d444c146c0e12
SHA1..: 0171acd35c0958f385e224adc98b05ebc4d71a6a
SHA256: ae29775a5e03669699d7260d894f1b43ac31728d090f42c6f3bb868f50c32ba3
ssdeep: 12288:wC77JwLw45Ua/bBp+dhbCNbVsVGvUgaWTLd0+I9LdpajuRfssoH8Z7rcnu
k5YU:Aspi94bG8QnT5uRLopuk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1458e
timedatestamp.....: 0x4c2a5a39 (Tue Jun 29 20:40:25 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x12594 0x12600 5.96 3e85ce4c4722b3a1b241488d72b8816e
.sdata 0x16000 0x90 0x200 1.69 8b5f88ecf8875b9dbdf83a1faa6d4fd6
.rsrc 0x18000 0x94634 0x94800 6.19 1a443e4a1c58737d721b78ce824d7a96
.reloc 0xae000 0xc 0x200 0.10 3bbd0712880e9162241662f7ceb8eddf

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable MS Visual C++ (generic) (51.6%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win16/32 Executable Delphi generic (2.8%)
pdfid.: -
sigcheck:
publisher....: My
copyright....: Bad
product......: Chick
description..: msconfig
original name: msconfig.exe
internal name: msconfig.exe
file version.: 2.29.3.3
comments.....: msconfig
signers......: -
signing date.: -
verified.....: Unsigned
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 16th, 2010, 3:39 am

Hi xqsmeqt31416,

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 16th, 2010, 10:18 am

Hi deltalima,

Thanks for the reply. Included is the log file from Malwarebytes Anti-Malware:

-------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4319

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/16/2010 10:12:58 PM
mbam-log-2010-07-16 (22-12-58).txt

Scan type: Quick scan
Objects scanned: 136527
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{w673j4ui-1ar5-lh12-h512-6465gx203ffc} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\install\Windows defender.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Local Settings\Temp\Windows Installer.exe (Trojan.VB) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Local Settings\Temp\nsh1CE.tmp\nswebgui.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Application Data\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Local Settings\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Local Settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\geo\Local Settings\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 16th, 2010, 1:35 pm

Hi xqsmeqt31416,

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 16th, 2010, 9:54 pm

hi deltalima,

thanks for the reply. included is the logfile from rootkit unhooker. the logfiles from otl will be in the next reply due to size contraints.


rootkit unhooker log:
---------------------
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xA9CC1000 C:\windows\system32\drivers\RtkHDAud.sys 4247552 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\windows\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\windows\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA418000 C:\windows\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xA8199000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100715.003\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xBA5B1000 C:\windows\system32\DRIVERS\ialmnt5.sys 1355776 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA9B8A000 C:\windows\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xBF077000 C:\windows\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA95B1000 C:\windows\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA964C000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xA9553000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xBA1B6000 C:\windows\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9781000 C:\windows\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9A6A000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xBFFA0000 C:\windows\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA971E000 C:\windows\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF042000 C:\windows\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7416000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7872000 C:\windows\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA9621000 C:\windows\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA390000 C:\windows\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xBA575000 C:\windows\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA96D0000 C:\windows\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA3CC000 C:\windows\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xA96F8000 C:\windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9C9D000 C:\windows\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBA3F4000 C:\windows\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xBA32C000 C:\windows\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA96AE000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\windows\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA9A48000 C:\Program Files\Symantec\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\windows\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7482000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA9536000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA98B9000 C:\windows\System32\Drivers\tosrfbd.sys 110592 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBA34F000 C:\windows\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xA97FE000 C:\windows\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9338000 C:\windows\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xA951E000 C:\windows\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7443000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xBA315000 C:\windows\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9350000 C:\windows\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9322000 C:\windows\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF745A000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA8DBD000 C:\windows\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA8185000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100715.003\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xA9A34000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xBA3B8000 C:\windows\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xBA59D000 C:\windows\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA97DA000 C:\windows\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7470000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBA304000 C:\windows\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA97ED000 C:\windows\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF76A7000 C:\windows\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7667000 C:\windows\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF76C7000 C:\windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xF7577000 C:\windows\system32\DRIVERS\Tosrfhid.sys 65536 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0xF7527000 C:\windows\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA73C000 C:\windows\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76B7000 C:\windows\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8F7A000 C:\windows\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA6FC000 C:\windows\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\windows\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7657000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7687000 C:\windows\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7517000 C:\windows\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF74F7000 C:\windows\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA76C000 C:\windows\system32\DRIVERS\tosporte.sys 49152 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xBA2E4000 C:\windows\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7697000 C:\windows\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7507000 C:\windows\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA72C000 C:\windows\system32\DRIVERS\Tvs.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xA9AFA000 C:\windows\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA75C000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA839D000 C:\windows\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA77C000 C:\windows\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA71C000 C:\windows\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7677000 C:\windows\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA78C000 C:\windows\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2F4000 C:\windows\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA79B5000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7567000 C:\windows\System32\Drivers\tosrfbnp.sys 36864 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0xF7587000 C:\windows\System32\Drivers\tosrfusb.sys 36864 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0xF7537000 C:\windows\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF776F000 C:\windows\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA22C000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77E7000 C:\windows\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF7767000 C:\windows\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA21C000 C:\windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7707000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77EF000 C:\windows\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xBA25C000 C:\windows\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF77AF000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7797000 C:\windows\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF777F000 C:\windows\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7787000 C:\windows\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF775F000 C:\windows\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA24C000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77DF000 C:\windows\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA234000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77C7000 C:\windows\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77CF000 C:\windows\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77A7000 C:\windows\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF778F000 C:\windows\system32\DRIVERS\tosrfnds.sys 20480 bytes (TOSHIBA Corporation., Bluetooth BNEP Driver)
0xF7817000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\windows\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7933000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA93EA000 C:\windows\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7C8000 C:\windows\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA925A000 C:\windows\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA937A000 C:\windows\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA9847000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7DC000 C:\windows\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA9256000 C:\windows\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF794B000 C:\windows\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xA98A1000 C:\windows\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF793B000 C:\windows\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0xA987B000 C:\windows\System32\Drivers\TPwSav.sys 12288 bytes (TOSHIBA , IO Driver)
0xF79C3000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79A9000 C:\windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79F5000 C:\windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79F1000 C:\windows\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79C1000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79C5000 C:\windows\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79C7000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79AD000 C:\windows\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79B3000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79BD000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\windows\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A90000 C:\windows\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA988E000 C:\windows\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AAA000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A9D000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\windows\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF80000.VBN
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF80000\4FF8FA00.VBN
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\11B5FD3Ad01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\1BBBF0D6d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\2A057BF3d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\2A6765A1d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\58AC20CBd01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\9DB17D99d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\A712F650d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\A7EC9510d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\AA8F9FF7d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\CAE956F3d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\CAEF69F7d01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\DE8C858Ad01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\E465D1FCd01
!-->[Hidden] C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\Cache\F8898AA2d01
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9D4, Type: Inline - PushRet 0x804E49D4-->D747A9A5 [unknown_code_page]
ntoskrnl.exe+0x0000DA3C, Type: Inline - RelativeJump 0x804E4A3C-->804E4ABE [ntoskrnl.exe]
ntoskrnl.exe+0x0000DABC, Type: Inline - RelativeJump 0x804E4ABC-->804E4B14 [ntoskrnl.exe]
[744]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[744]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[744]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[744]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[744]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[744]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[744]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 16th, 2010, 9:56 pm

hi deltalima,

these are the log files from otl

otl.txt
----------
OTL logfile created on: 7/17/2010 9:45:28 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\Downloads\Mozilla
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 30.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 24.01 Gb Total Space | 3.47 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 50.33 Gb Total Space | 43.58 Gb Free Space | 86.58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XQSMEQT
Current User Name: geo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Downloads\Mozilla\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Modules (SafeList) ==========

MOD - E:\Downloads\Mozilla\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\windows\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\windows\System32\appmgmts.dll File not found
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100715.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100715.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (DRVMCDB) -- C:\windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.malwareremoval.com/forum/index.php"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/14 10:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/01 08:56:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/26 21:30:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 21:30:24 | 000,000,000 | ---D | M]

[2009/11/24 00:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geo\Application Data\Mozilla\Extensions
[2010/07/15 11:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\extensions
[2010/01/26 13:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 21:39:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 16:53:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/11 04:43:06 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\6ok01w72.default\searchplugins\Search.xml
[2010/07/16 22:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 08:53:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/19 08:53:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HKLM] C:\windows\install\Windows defender.exe File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\windows\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\windows\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006..\Run: [HKCU] C:\windows\install\Windows defender.exe File not found
O4 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\install\Windows defender.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\install\Windows defender.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8785187812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 172.16.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\windows\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\geo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/22 07:02:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0793ea60-7a17-11df-8305-00037af7c721}\Shell\AutoRun\command - "" = Z:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{2047dc29-6d85-11df-82fd-00037af7c721}\Shell - "" = AutoRun
O33 - MountPoints2\{2047dc29-6d85-11df-82fd-00037af7c721}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2047dc29-6d85-11df-82fd-00037af7c721}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{375cb98a-4040-11df-82a9-00037af7c721}\Shell\AutoRun\command - "" = F:\var\var32.exe -- File not found
O33 - MountPoints2\{375cb98a-4040-11df-82a9-00037af7c721}\Shell\exPLore\comMand - "" = F:\var\\\\\var32.exe -- File not found
O33 - MountPoints2\{375cb98a-4040-11df-82a9-00037af7c721}\Shell\oPEn\commaNd - "" = F:\var\\\\\\var32.exe -- File not found
O33 - MountPoints2\{60a6097a-598f-11df-82ce-00037af7c721}\Shell - "" = AutoRun
O33 - MountPoints2\{60a6097a-598f-11df-82ce-00037af7c721}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60a6097a-598f-11df-82ce-00037af7c721}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b9ace618-36f6-11df-829d-001302b7538d}\Shell\AutoRun\command - "" = F:\novir\novir32.exe -- File not found
O33 - MountPoints2\{b9ace618-36f6-11df-829d-001302b7538d}\Shell\explore\command - "" = F:\novir\novir32.exe -- File not found
O33 - MountPoints2\{b9ace618-36f6-11df-829d-001302b7538d}\Shell\open\command - "" = F:\.\novir\novir32.exe -- File not found
O33 - MountPoints2\{c521b27f-7c85-11df-830e-00037af7c721}\Shell - "" = AutoRun
O33 - MountPoints2\{c521b27f-7c85-11df-830e-00037af7c721}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c521b27f-7c85-11df-830e-00037af7c721}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cd78eeac-0ede-11df-822c-00037af7c721}\Shell\AutoRun\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{cd78eeac-0ede-11df-822c-00037af7c721}\Shell\explore\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{cd78eeac-0ede-11df-822c-00037af7c721}\Shell\open\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{d27b761f-109a-11df-8235-00037af7c721}\Shell\AutoRun\command - "" = 1hqup.exe
O33 - MountPoints2\{d27b761f-109a-11df-8235-00037af7c721}\Shell\open\Command - "" = 1hqup.exe
O33 - MountPoints2\{d27b7620-109a-11df-8235-00037af7c721}\Shell\AutoRun\command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{d27b7620-109a-11df-8235-00037af7c721}\Shell\open\Command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{e9ca93da-d82e-11de-8165-001302b7538d}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ca93da-d82e-11de-8165-001302b7538d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9ca93da-d82e-11de-8165-001302b7538d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e9ca93dd-d82e-11de-8165-001302b7538d}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ca93dd-d82e-11de-8165-001302b7538d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9ca93dd-d82e-11de-8165-001302b7538d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\StartPortableApps.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/17 08:09:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\Malware Removal Logs
[2010/07/16 22:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geo\Application Data\Malwarebytes
[2010/07/16 22:01:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/07/16 22:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/16 22:01:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/07/16 22:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/14 08:55:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2010/07/13 21:00:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\encoding
[2010/07/12 20:54:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\Simply Super Software
[2010/07/12 11:41:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\Visual Studio 2008
[2010/07/12 07:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/11 21:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geo\Local Settings\Application Data\Symantec
[2010/07/11 21:41:55 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/07/11 21:41:55 | 000,048,816 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2010/07/11 21:41:18 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\capicom.dll
[2010/07/11 21:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/11 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/11 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2010/07/11 21:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/11 21:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/07/11 20:37:55 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2010/07/11 19:14:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\geo\Recent
[2010/07/11 17:38:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\Bluetooth
[2010/07/11 04:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/07/08 22:48:42 | 000,000,000 | ---D | C] -- C:\Temp
[2010/07/06 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/04 08:11:33 | 000,000,000 | ---D | C] -- C:\windows\SQLTools9_KB970892_ENU
[2010/07/04 08:09:32 | 000,000,000 | ---D | C] -- C:\windows\SQL9_KB970892_ENU
[2010/06/30 20:23:19 | 000,000,000 | ---D | C] -- C:\windows\System32\js
[2010/06/30 20:23:19 | 000,000,000 | ---D | C] -- C:\windows\System32\images
[2010/06/30 20:23:19 | 000,000,000 | ---D | C] -- C:\windows\System32\html
[2010/06/30 20:23:19 | 000,000,000 | ---D | C] -- C:\windows\System32\css
[2010/06/30 20:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010/06/30 20:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/06/30 20:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/06/30 20:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/06/30 20:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/30 20:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/06/30 20:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/06/30 20:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/06/30 20:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2010/06/30 19:57:46 | 000,000,000 | ---D | C] -- C:\windows\System32\Visual Studio 2008Templates
[2010/06/30 19:57:46 | 000,000,000 | ---D | C] -- C:\windows\System32\Visual Studio 2008
[2010/06/29 11:20:52 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\windows\uninst.exe
[2010/06/29 10:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
[2010/06/29 06:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geo\.spss
[2010/06/29 06:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/06/28 00:48:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\OFF Trackers
[2010/06/26 21:22:19 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\PSP Save Games
[2010/06/20 21:55:11 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/06/19 09:34:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\Samsung Documentation
[2010/06/18 22:59:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\geo\My Documents\ARB MTR
[2010/06/18 21:57:44 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2010/06/18 16:03:37 | 000,000,000 | ---D | C] -- C:\Log
[2010/06/18 16:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/06/18 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/17 09:34:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 08:10:17 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\geo\NTUSER.DAT
[2010/07/17 08:01:53 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/17 08:01:47 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/17 08:01:24 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/17 08:01:15 | 1331,810,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/16 22:13:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\geo\ntuser.ini
[2010/07/16 09:48:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\geo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 19:23:01 | 000,001,876 | ---- | M] () -- C:\bar.emf
[2010/07/15 19:22:56 | 000,088,064 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\media database.vsd
[2010/07/15 15:55:52 | 000,000,616 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\How to show and hide HTML elements using Javascript Useful and interesting web sites.mht
[2010/07/15 15:37:12 | 000,286,720 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\Database1.accdb
[2010/07/13 18:57:00 | 000,265,972 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\AiBprototype1.zip
[2010/07/13 06:20:36 | 000,000,689 | ---- | M] () -- C:\windows\win.ini
[2010/07/13 06:20:36 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/07/12 21:56:08 | 000,004,161 | ---- | M] () -- C:\windows\ODBCINST.INI
[2010/07/12 17:45:36 | 000,136,284 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\New Project 20100712 1745.sql
[2010/07/12 06:47:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\geo\Local Settings\Application Data\housecall.guid.cache
[2010/07/12 06:40:09 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/07/12 06:25:28 | 000,000,000 | ---- | M] () -- C:\windows\vpc32.INI
[2010/07/12 06:09:52 | 000,004,566 | ---- | M] () -- C:\windows\imsins.BAK
[2010/07/12 06:09:34 | 000,591,554 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/07/12 06:09:34 | 000,491,304 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/07/12 06:09:34 | 000,089,948 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/07/12 06:09:27 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\geo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/11 20:40:59 | 000,000,991 | ---- | M] () -- C:\windows\System32\spupdsvc.inf
[2010/07/11 18:04:39 | 006,852,657 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\New Project 20100711 1803.sql
[2010/07/11 17:23:42 | 000,025,548 | ---- | M] () -- C:\Documents and Settings\geo\Application Data\SQLite3.dll
[2010/07/11 04:49:56 | 000,000,000 | ---- | M] () -- C:\windows\popcreg.dat
[2010/07/11 04:49:56 | 000,000,000 | ---- | M] () -- C:\windows\popcinfot.dat
[2010/07/10 23:33:26 | 000,000,512 | ---- | M] () -- C:\windows\randseed.rnd
[2010/07/08 16:30:38 | 000,391,683 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\MTR Input - Data Mgt.pptx
[2010/07/06 15:30:38 | 000,014,501 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\roles.xls
[2010/07/05 21:51:32 | 000,603,615 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\Dulcelin CH.jpg
[2010/07/05 10:48:01 | 000,099,116 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-July 5.pdf
[2010/07/05 10:46:00 | 000,038,912 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-July 5.doc
[2010/07/03 08:17:45 | 000,035,840 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-June 28_Letter on Lease Contract.doc
[2010/07/02 16:04:22 | 000,114,458 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-June 28_Letter on Lease Contract.pdf
[2010/06/30 20:24:11 | 000,000,654 | ---- | M] () -- C:\windows\ODBC.INI
[2010/06/29 22:44:23 | 000,072,608 | ---- | M] () -- C:\Documents and Settings\geo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/29 15:23:11 | 000,282,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/29 12:26:24 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.INI
[2010/06/29 11:07:32 | 000,000,114 | ---- | M] () -- C:\windows\System32\prsgrc.tgz
[2010/06/29 11:07:31 | 000,000,100 | ---- | M] () -- C:\windows\System32\prsgrc.dll
[2010/06/29 10:58:10 | 000,000,219 | ---- | M] () -- C:\windows\System32\lsprst7.tgz
[2010/06/29 10:58:10 | 000,000,205 | ---- | M] () -- C:\windows\System32\lsprst7.dll
[2010/06/29 10:58:10 | 000,000,016 | -H-- | M] () -- C:\windows\System32\servdat.slm
[2010/06/29 07:12:42 | 000,000,000 | ---- | M] () -- C:\law.sp
[2010/06/29 06:56:04 | 000,499,128 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\hi-torque_mba_201008.air
[2010/06/29 06:28:31 | 000,001,024 | ---- | M] () -- C:\windows\System32\grcauth2.dll
[2010/06/29 06:28:31 | 000,001,024 | ---- | M] () -- C:\windows\System32\grcauth1.dll
[2010/06/29 06:18:33 | 000,001,025 | ---- | M] () -- C:\windows\System32\sysprs7.tgz
[2010/06/29 06:18:33 | 000,001,025 | ---- | M] () -- C:\windows\System32\sysprs7.dll
[2010/06/28 13:26:07 | 000,221,184 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\Hungry Juan Application Form.doc
[2010/06/28 13:22:16 | 000,200,704 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\N-05 Geo.Lazaro (recast).doc
[2010/06/25 07:40:16 | 000,309,248 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\Smokey's Flyers.vsd
[2010/06/22 14:04:34 | 000,018,944 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\faspo.vsd
[2010/06/22 11:43:34 | 000,059,392 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\FASPO Flow.vsd
[2010/06/22 03:42:16 | 002,393,430 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\6866_b-wp_a_practical_approach_to_information_management.pdf
[2010/06/22 03:32:03 | 000,032,256 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\smokeys odl fab foods AR.XLS
[2010/06/21 10:25:04 | 000,140,823 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\PSGC 20100621 1024.sql
[2010/06/21 00:04:39 | 000,094,508 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\DepOrderReclass.pdf
[2010/06/19 23:48:47 | 005,439,135 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\New Project 20100619 2345.sql
[2010/06/17 22:28:24 | 000,061,623 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\COA JAHLazaro.pdf
[2010/06/17 22:28:12 | 000,074,240 | ---- | M] () -- E:\Documents and Settings\geo\My Documents\COA.doc
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/15 19:22:55 | 000,088,064 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\media database.vsd
[2010/07/15 15:55:52 | 000,000,616 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\How to show and hide HTML elements using Javascript Useful and interesting web sites.mht
[2010/07/15 15:36:49 | 000,286,720 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\Database1.accdb
[2010/07/13 18:57:00 | 000,265,972 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\AiBprototype1.zip
[2010/07/12 17:45:22 | 000,136,284 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\New Project 20100712 1745.sql
[2010/07/12 06:47:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\geo\Local Settings\Application Data\housecall.guid.cache
[2010/07/12 06:25:28 | 000,000,000 | ---- | C] () -- C:\windows\vpc32.INI
[2010/07/12 06:09:27 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\geo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/11 19:39:38 | 000,004,566 | ---- | C] () -- C:\windows\imsins.BAK
[2010/07/11 18:03:54 | 006,852,657 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\New Project 20100711 1803.sql
[2010/07/11 17:23:42 | 000,025,548 | ---- | C] () -- C:\Documents and Settings\geo\Application Data\SQLite3.dll
[2010/07/11 04:49:56 | 000,000,000 | ---- | C] () -- C:\windows\popcreg.dat
[2010/07/11 04:49:56 | 000,000,000 | ---- | C] () -- C:\windows\popcinfot.dat
[2010/07/07 22:32:13 | 000,391,683 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\MTR Input - Data Mgt.pptx
[2010/07/06 15:23:39 | 000,014,501 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\roles.xls
[2010/07/05 21:51:23 | 000,603,615 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\Dulcelin CH.jpg
[2010/07/05 10:48:00 | 000,099,116 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-July 5.pdf
[2010/07/05 10:46:00 | 000,038,912 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-July 5.doc
[2010/07/03 08:01:00 | 000,035,840 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-June 28_Letter on Lease Contract.doc
[2010/07/02 16:04:20 | 000,114,458 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\GreenStreet_2010-June 28_Letter on Lease Contract.pdf
[2010/06/29 07:12:42 | 000,000,000 | ---- | C] () -- C:\law.sp
[2010/06/29 06:52:58 | 000,499,128 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\hi-torque_mba_201008.air
[2010/06/29 06:28:31 | 000,001,024 | ---- | C] () -- C:\windows\System32\grcauth2.dll
[2010/06/29 06:28:31 | 000,001,024 | ---- | C] () -- C:\windows\System32\grcauth1.dll
[2010/06/29 06:28:31 | 000,000,114 | ---- | C] () -- C:\windows\System32\prsgrc.tgz
[2010/06/29 06:28:31 | 000,000,100 | ---- | C] () -- C:\windows\System32\prsgrc.dll
[2010/06/29 06:18:33 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.tgz
[2010/06/29 06:18:33 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2010/06/29 06:18:33 | 000,000,219 | ---- | C] () -- C:\windows\System32\lsprst7.tgz
[2010/06/29 06:18:33 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2010/06/29 06:18:33 | 000,000,016 | -H-- | C] () -- C:\windows\System32\servdat.slm
[2010/06/28 13:26:03 | 000,221,184 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\Hungry Juan Application Form.doc
[2010/06/28 12:46:00 | 000,200,704 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\N-05 Geo.Lazaro (recast).doc
[2010/06/23 11:07:19 | 001,540,218 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\Orion Dev 20100419 2232.sql
[2010/06/23 11:05:57 | 000,007,112 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\Update codes.sql
[2010/06/22 14:04:34 | 000,018,944 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\faspo.vsd
[2010/06/22 11:43:34 | 000,059,392 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\FASPO Flow.vsd
[2010/06/22 03:42:13 | 002,393,430 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\6866_b-wp_a_practical_approach_to_information_management.pdf
[2010/06/22 03:15:00 | 000,032,256 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\smokeys odl fab foods AR.XLS
[2010/06/21 10:24:35 | 000,140,823 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\PSGC 20100621 1024.sql
[2010/06/21 00:04:39 | 000,094,508 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\DepOrderReclass.pdf
[2010/06/19 23:45:47 | 005,439,135 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\New Project 20100619 2345.sql
[2010/06/17 22:28:23 | 000,061,623 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\COA JAHLazaro.pdf
[2010/06/17 22:26:00 | 000,074,240 | ---- | C] () -- E:\Documents and Settings\geo\My Documents\COA.doc
[2010/05/12 22:47:03 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/01/14 13:13:22 | 000,000,000 | ---- | C] () -- C:\windows\tosOBEX.INI
[2010/01/13 00:28:24 | 000,000,231 | ---- | C] () -- C:\windows\System32\3dsviz.ini
[2010/01/13 00:28:24 | 000,000,043 | ---- | C] () -- C:\windows\System32\InstallSettings.ini
[2009/12/21 14:43:05 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.INI
[2009/11/22 11:21:52 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/11/22 11:21:49 | 000,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/11/22 11:21:48 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/11/22 11:21:48 | 000,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/11/22 11:21:47 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/11/22 11:21:47 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009/11/22 00:46:19 | 000,000,000 | ---- | C] () -- C:\windows\CeEKey.INI
[2009/11/21 14:19:03 | 000,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
[2009/11/21 14:19:03 | 000,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
[2009/11/21 14:19:03 | 000,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
[2009/11/21 14:19:03 | 000,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
[2007/05/04 15:37:54 | 002,461,756 | ---- | C] () -- C:\windows\System32\bifgen32.dll
[2007/02/06 12:52:56 | 001,470,523 | ---- | C] () -- C:\windows\System32\Repgen32.dll
[2005/12/22 13:06:37 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/12/22 11:57:57 | 000,000,654 | ---- | C] () -- C:\windows\ODBC.INI
[2005/12/22 11:53:13 | 000,045,056 | ---- | C] () -- C:\windows\System32\TDispVol.dll
[2005/12/22 11:50:41 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2005/12/22 11:34:13 | 000,036,736 | ---- | C] () -- C:\windows\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/12/22 11:34:13 | 000,029,184 | ---- | C] () -- C:\windows\System32\drivers\TSXT_kern_i386.sys
[2005/12/22 11:14:02 | 000,000,216 | ---- | C] () -- C:\windows\wininit.ini
[2005/12/22 11:12:55 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2005/12/22 11:12:54 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2005/12/22 11:12:54 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2005/12/22 11:12:54 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2005/12/22 11:12:54 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2005/12/22 11:12:54 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2005/12/22 09:56:19 | 000,032,768 | ---- | C] () -- C:\windows\System32\EBLib.DLL
[2005/12/22 09:47:45 | 000,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2005/12/22 07:06:15 | 000,000,780 | ---- | C] () -- C:\windows\orun32.ini
[2005/12/22 05:45:35 | 000,002,392 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/12/10 06:36:30 | 000,028,672 | ---- | C] () -- C:\windows\System32\TPeculiarity.dll
[2005/11/28 20:33:56 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2005/11/24 05:55:42 | 000,024,576 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2005/11/24 05:41:28 | 000,036,864 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2005/11/24 03:42:16 | 000,028,672 | ---- | C] () -- C:\windows\System32\TCtrlIO.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
[1999/05/26 12:36:54 | 000,036,864 | ---- | C] () -- C:\windows\System32\xnmhn500.dll
[1999/05/26 12:36:50 | 000,102,400 | ---- | C] () -- C:\windows\System32\xnmhb500.dll
[1999/05/26 12:33:58 | 000,077,824 | ---- | C] () -- C:\windows\System32\xnmte500.dll
[1999/05/26 12:33:30 | 000,401,408 | ---- | C] () -- C:\windows\System32\xnmba500.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
< End of report >


extras.txt
--------------
OTL Extras logfile created on: 7/17/2010 9:45:28 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\Downloads\Mozilla
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 30.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 24.01 Gb Total Space | 3.47 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 50.33 Gb Total Space | 43.58 Gb Free Space | 86.58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XQSMEQT
Current User Name: geo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"110:TCP" = 110:TCP:*:Enabled:Mercury Mail
"25:TCP" = 25:TCP:*:Enabled:Mercury Mail

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\xampp\tomcat\jre\bin\javaw.exe" = C:\xampp\tomcat\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\xampp\MercuryMail\mercury.exe" = C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62 -- (David Harris)
"C:\xampp\FileZillaFTP\FileZilla Server.exe" = C:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- (FileZilla Project)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- (MySQL AB)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\xampplite\mysql\bin\mysqld.exe" = F:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found
"F:\xampplite\apache\bin\httpd.exe" = F:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"F:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe" = F:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\xampplite\apache\bin\httpd.exe" = H:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"H:\xampplite\mysql\bin\mysqld.exe" = H:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"G:\xampplite\mysql\bin\mysqld.exe" = G:\xampplite\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- File not found
"G:\xampplite\apache\bin\httpd.exe" = G:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"G:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe" = G:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe" = H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\geo\Local Settings\Temp\pylA0.tmp\pyrun.exe" = C:\Documents and Settings\geo\Local Settings\Temp\pylA0.tmp\pyrun.exe:*:Disabled:pyrun -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\geo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\geo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"I:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe" = I:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"Z:\xampp\mysql\bin\mysqld.exe" = Z:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- File not found
"Z:\xampp\MercuryMail\mercury.exe" = Z:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72 -- File not found
"Z:\xampp\FileZillaFTP\FileZilla Server.exe" = Z:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- File not found
"Z:\xampp\tomcat\jre\bin\javaw.exe" = Z:\xampp\tomcat\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"Z:\xampp\apache\bin\httpd.exe" = Z:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"Z:\xampplite\apache\bin\httpd.exe" = Z:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"Z:\xampplite\mysql\bin\mysqld.exe" = Z:\xampplite\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- File not found
"C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- File not found
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- File not found
"C:\Program Files\SPSSInc\SPSS16\spss.com" = C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- File not found
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AA14082-9C81-4FEB-AED0-2C6A7FA73827}" = K109a-z
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{539A5092-B44C-4661-A153-401AD197717A}" = HP Deskjet Ink Advant K109a-z Printer Driver Software 13.0 Rel .6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{616A66CD-D36D-4E24-8B67-33AFDFF48061}" = Palm Outlook Conduits Updater
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E75882E-B40E-FA9F-4D12-9990FEEBB449}" = Mountain Bike Action - July 2010
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38B2DBC-0DEE-651D-A2AE-EFD479363F74}" = Mountain Bike Action - August 2010
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C5641BA1-B572-FED0-6167-382344B53A99}" = Mountain Bike Action - June 2010
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E86E52E5-562B-404A-B39E-BDAC2E81365F}" = DJ_SF_06_K109a-z_SW_Min
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"4426ab73f62b67c04a0ebb032fb4ce1a.784B4C5CADF861323F25287817EE67357CB1E532.1" = Mountain Bike Action - August 2010
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6ee1d2863b374d64d7e7eb31fc376370.784B4C5CADF861323F25287817EE67357CB1E532.1" = Mountain Bike Action - June 2010
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f416e096697084ffab9626a2a5af974b.784B4C5CADF861323F25287817EE67357CB1E532.1" = Mountain Bike Action - July 2010
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Nokia PC Suite" = Nokia PC Suite
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PRJPRO" = Microsoft Office Project Professional 2007
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Smart Bro" = Smart Bro
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VISPRO" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2010 10:15:57 AM | Computer Name = XQSMEQT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/16/2010 10:15:57 AM | Computer Name = XQSMEQT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 7/16/2010 10:16:05 AM | Computer Name = XQSMEQT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/16/2010 10:16:05 AM | Computer Name = XQSMEQT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 7/16/2010 8:02:15 PM | Computer Name = XQSMEQT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/16/2010 8:02:15 PM | Computer Name = XQSMEQT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 7/16/2010 8:02:25 PM | Computer Name = XQSMEQT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/16/2010 8:02:25 PM | Computer Name = XQSMEQT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 7/16/2010 8:32:00 PM | Computer Name = XQSMEQT | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
Information\_restore{0F60396B-0F5E-4E50-B649-25D2D5E11E35}\RP236\A0056354.exe by:
Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 7/16/2010 8:32:00 PM | Computer Name = XQSMEQT | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{0F60396B-0F5E-4E50-B649-25D2D5E11E35}\RP236\A0056354.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ OSession Events ]
Error - 12/16/2009 8:58:55 AM | Computer Name = XQSMEQT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 420
seconds with 360 seconds of active time. This session ended with a crash.

Error - 4/27/2010 9:13:29 AM | Computer Name = XQSMEQT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/16/2010 10:15:49 AM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 10:15:57 AM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 10:16:03 AM | Computer Name = XQSMEQT | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 7/16/2010 10:16:03 AM | Computer Name = XQSMEQT | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 7/16/2010 10:16:05 AM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 8:02:04 PM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 8:02:15 PM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/16/2010 8:02:22 PM | Computer Name = XQSMEQT | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 7/16/2010 8:02:22 PM | Computer Name = XQSMEQT | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 7/16/2010 8:02:25 PM | Computer Name = XQSMEQT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 17th, 2010, 3:33 pm

Hi xqsmeqt31416,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    O4 - HKLM..\Run: [HKLM] C:\windows\install\Windows defender.exe File not found
    O4 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006..\Run: [HKCU] C:\windows\install\Windows defender.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\install\Windows defender.exe File not found
    O7 - HKU\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\windows\install\Windows defender.exe File not found
    :commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 18th, 2010, 4:58 am

hi deltalima,

thanks for the reply. the following are the log files requested:

otl:
--------
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3821735628-3510263295-1164204225-1006\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3821735628-3510263295-1164204225-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: geo
->Temp folder emptied: 96417339 bytes
->Temporary Internet Files folder emptied: 6275100 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90904191 bytes
->Flash cache emptied: 1050472 bytes

User: Intel

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35597 bytes

User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 250084 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66535596 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 179290 bytes

Total Files Cleaned = 250.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07182010_102230

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_2a8.dat not found!

Registry entries deleted on Reboot...


kaspersky online:
---------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 18, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 18, 2010 01:39:14
Records in database: 4230320
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 108752
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:17:09

No threats found. Scanned area is clean.

Selected area has been scanned.

===========================

so far, the original problem (iexplore spawning on startup) hasn't surfaced since malwarebyte anti-malware detected and cleaned the malware. the additional items detected and cleaned after malwarebyte anti-malware seemed to not spawn iexplore on startup. i still get multiple instances of iexplore when i open ie 8 (at least 2 instances even with 1 tab). i guess this has something to do with multiple tabs feature since all instances terminate when i close the main window. hope this case is on it's way to closing. thank you.
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 18th, 2010, 9:36 am

Hi xqsmeqt31416,

i still get multiple instances of iexplore when i open ie 8


That is normal behaviour for IE8.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight J2SE Runtime Environment 5.0 Update 4
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby xqsmeqt31416 » July 18th, 2010, 8:23 pm

all updates done. thanks!
xqsmeqt31416
Active Member
 
Posts: 8
Joined: November 16th, 2009, 12:10 am

Re: multiple iexplore.exe spawned on startup

Unread postby deltalima » July 19th, 2010, 3:16 am

You're welcome!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: multiple iexplore.exe spawned on startup

Unread postby Elrond » July 19th, 2010, 3:49 am

xqsmeqt31416 this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware