Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Suspected Adobe Update Virus - DDS Logs Included


Post by skip77 » March 21st, 2011, 7:58 pm

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Skip at 19:50:18.01 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1179 [GMT -4:00]
.
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
G:\Downloads\Virus & Spyware\DDS Log\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CmPCIaudio] "RunDll32" CMICNFG3.CPL,CMICtrlWnd
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [PhiBtn]
mRun: [Traymin900]
mRun: [hpfsched] c:\windows\hpfsched.exe
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\skip\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\80211g~1.lnk - c:\program files\11g usb adapter\Wifiusb.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partne ... nicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-27 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-10-27 189904]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-10-27 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-10-27 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-27 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-27 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-27 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-10-27 119200]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-5 363344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-5 20952]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S2 HPFECP12;HPFECP12;c:\windows\system32\drivers\HPFecp12.sys [1999-2-12 52800]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-10-14 1240576]
S3 cpuz132;cpuz132;\??\c:\docume~1\skip\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\skip\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-10-22 386560]
S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-10-22 20992]
S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-10-22 33792]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys --> c:\windows\system32\drivers\usbvm326.sys [?]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2007-10-14 475264]
S4 MioNet;MioNet Service;"c:\program files\mionet\mionetmanager.exe" -s "c:\program files\mionet\wrapper.conf" --> c:\program files\mionet\MioNetManager.exe [?]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-03-19 20:44:12 -------- d-----w- c:\windows\system32\Adobe
2011-03-19 19:52:22 -------- d-----w- C:\http-
2011-03-19 18:44:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Socusoft
2011-03-19 18:43:07 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2011-03-03 21:05:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-03 21:05:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-01 21:03:52 -------- d-----w- c:\program files\HP DeskJet 880C Series
.
==================== Find3M ====================
.
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
.
============= FINISH: 19:51:58.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2006 9:51:51 PM
System Uptime: 3/21/2011 1:26:50 PM (6 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 11.993 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.373 GiB free.
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 466 GiB total, 165.183 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1209: 2/10/2011 6:47:57 AM - Software Distribution Service 3.0
RP1210: 2/11/2011 7:24:31 AM - Software Distribution Service 3.0
RP1211: 2/12/2011 8:09:14 AM - System Checkpoint
RP1212: 2/13/2011 8:24:24 AM - System Checkpoint
RP1213: 2/14/2011 10:03:17 AM - System Checkpoint
RP1214: 2/15/2011 5:26:34 PM - System Checkpoint
RP1215: 2/16/2011 6:52:57 PM - System Checkpoint
RP1216: 2/17/2011 7:43:49 PM - System Checkpoint
RP1217: 2/18/2011 9:12:31 PM - System Checkpoint
RP1218: 2/19/2011 9:51:47 PM - System Checkpoint
RP1219: 2/21/2011 8:45:59 AM - System Checkpoint
RP1220: 2/22/2011 8:55:36 AM - System Checkpoint
RP1221: 2/23/2011 2:54:38 PM - System Checkpoint
RP1222: 2/24/2011 3:23:34 PM - System Checkpoint
RP1223: 2/25/2011 7:11:41 PM - System Checkpoint
RP1224: 2/26/2011 7:51:22 PM - System Checkpoint
RP1225: 2/27/2011 9:07:30 PM - System Checkpoint
RP1226: 2/28/2011 11:21:04 PM - System Checkpoint
RP1227: 3/1/2011 4:04:15 PM - Printer Driver HP DeskJet 880C Series Printer Installed
RP1228: 3/1/2011 4:11:31 PM - Installed HP Product Detection.
RP1229: 3/2/2011 4:38:07 PM - System Checkpoint
RP1230: 3/3/2011 4:04:35 PM - Restore Operation
RP1231: 3/4/2011 5:06:23 PM - System Checkpoint
RP1232: 3/5/2011 8:28:40 PM - System Checkpoint
RP1233: 3/6/2011 3:00:30 AM - Software Distribution Service 3.0
RP1234: 3/7/2011 7:30:36 AM - System Checkpoint
RP1235: 3/8/2011 7:52:49 AM - System Checkpoint
RP1236: 3/9/2011 3:01:09 AM - Software Distribution Service 3.0
RP1237: 3/9/2011 6:11:51 AM - Removed Modem Helper
RP1238: 3/10/2011 12:02:00 PM - System Checkpoint
RP1239: 3/11/2011 2:55:48 PM - System Checkpoint
RP1240: 3/12/2011 3:13:44 PM - System Checkpoint
RP1241: 3/13/2011 6:57:55 PM - System Checkpoint
RP1242: 3/14/2011 11:14:06 PM - System Checkpoint
RP1243: 3/16/2011 3:00:35 AM - Software Distribution Service 3.0
RP1244: 3/17/2011 5:58:26 AM - System Checkpoint
RP1245: 3/18/2011 8:29:30 AM - System Checkpoint
RP1246: 3/19/2011 8:58:40 AM - System Checkpoint
RP1247: 3/20/2011 12:53:25 PM - System Checkpoint
RP1248: 3/21/2011 12:59:00 PM - System Checkpoint
.
==== Installed Programs ======================
.
802.11g USB adapter
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
Adobe Shockwave Player 11.5
AMCap
Amorphium
Amorphium 3
AmorphiumPro
AP Tuner 3.08
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.8 (Unicode)
avast! Internet Security
AVS Audio Converter version 6.3
AVS Audio Editor version 6.1
AVS Image Converter 1.2.1.100
AVS Media Player 3.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video ReMaker 3.1.2.102
AVS Video to Flash
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Bonjour
Boris Graffiti
CameraHelperMsi
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon iP1700 User Registration
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CuteSITE Builder
CyberLink PhotoNow
CyberLink PowerDirector
Debugging Tools for Windows
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell PC Fax
Dell Photo AIO Printer 926
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
Easy-WebPrint
EducateU
ELIcon
erLT
Flash Slideshow Maker Pro 5.00
FlashLynx Video Download Software
Games, Music, & Photos Launcher
Get High Speed Internet!
Guitar Guru Version 2.2.0
HFX Volume 2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DeskJet 880C Series (Remove only)
HP Product Detection
Inkscape 0.47
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
LiveUpdate 2.6 (Symantec Corporation)
Logitech Webcam Software
Logo Design Studio
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Bullet Looks Studio
Malwarebytes' Anti-Malware
MCU
Media Resizer PRO
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office 2000 SR-1 Professional
Microsoft Picture It! Express 2.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works Setup Launcher
Move Media Player
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
msxml4
Musicmatch for Windows Media Player
Musicnotes Player V1.23.1 and Viewer
My Wal-Mart Digital Photo Center
NCH Toolbox
NetWaiting
Philips VLounge
PhoTags Express
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Power Tab Editor 1.7
PrintMaster 2.0 Express
PrintMaster Gold 4.00
proDAD Vitascene 1.0
Professor Franklin (Remove only)
QuickTime
Roxio Backup MyPC
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif DrawPlus X2
Serif WebPlus X4
Serif WebPlus X4 Bonus Content Pack
Serif WebPlus X4 Resources
Sibelius Scorch Plugin
SigmaTel Audio
SIM editor 4.0
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Encoders
SPC 900NC PC Camera
Studio Premium Pack 1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon SmartCall
vShare Plugin
Walmart MP3 Music Downloads
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7 Beta 3
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xara Xtreme 5
Xtreme Sound PCI
.
==== Event Viewer Messages From Past Week ========
.
3/14/2011 5:55:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgMfx86
.
==== End Of File ===========================
skip77
Active Member
 
Posts: 6
Joined: March 21st, 2011, 6:53 pm

Re: Suspected Adobe Update Virus - DDS Logs Included

Post by Dakeyras » March 25th, 2011, 6:50 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 8.2.5
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Kaspersky Online Scanner <-- This is outdated now.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

SC Reset:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code:
net stop winmgmt
rd %systemroot%\system32\wbem\repository
net start winmgmt
  • Go to File >> Save As
  • Save File name as "reset.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Double-click on reset.bat. A command window will open; when prompted, type in Y, then hit the Enter/Return key.

When completed the command window will close. Reboot your computer. <-- Make sure you do this.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

How is my computer performing now?

Post by skip77 » March 25th, 2011, 7:49 pm

It seems to be working normally.
skip77
Active Member
 
Posts: 6
Joined: March 21st, 2011, 6:53 pm

OTL.txt LOG

Post by skip77 » March 25th, 2011, 7:50 pm

OTL logfile created on: 3/25/2011 7:43:56 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Skip\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 13.34 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.37 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
Drive E: | 528.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 1860.21 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 157.29 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: D3JTT3B1 | User Name: Skip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Skip\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\11g USB adapter\Wifiusb.exe (TECOM)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Skip\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\GlobalSCAPE\CuteSITE Builder\program\Msscript.OCX (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MioNet) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (LVUVC) Logitech HD Pro Webcam C910(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (TASCAM_US122144) -- C:\WINDOWS\system32\drivers\tascusb2.sys (TASCAM)
DRV - (TASCAM_US122L_MK2_WDM) -- C:\WINDOWS\system32\drivers\tscusb2a.sys (TASCAM)
DRV - (TASCAM_US122L_MK2_MIDI) -- C:\WINDOWS\system32\drivers\tscusb2m.sys (TASCAM)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (vmfilter323) -- C:\WINDOWS\system32\drivers\vmfilter323.sys (Vimicro Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmuda3.sys (C-Media Inc)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (camvid40) -- C:\WINDOWS\system32\drivers\camdrv41.sys (Philips Consumer Electronics)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HPFECP12) -- C:\WINDOWS\System32\drivers\HPFECP12.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/27 13:43:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/27 22:52:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/27 13:48:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PhiBtn] File not found
O4 - HKLM..\Run: [Traymin900] File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] F:\Cyberlink PowerDirector 8\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe (TECOM)
O4 - Startup: C:\Documents and Settings\Skip\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} Reg Error: Key error. (iNotes6 Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Skip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Skip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/07 10:19:28 | 000,000,047 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/09/10 16:36:35 | 000,002,312 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O32 - AutoRun File - [2010/07/02 17:32:34 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}\Shell\AutoRun\command - "" = F:\podcastready.exe
O33 - MountPoints2\{25c71a98-0e9b-11de-b185-0003c95093f4}\Shell - "" = AutoRun
O33 - MountPoints2\{25c71a98-0e9b-11de-b185-0003c95093f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25c71a98-0e9b-11de-b185-0003c95093f4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/02/22 05:28:16 | 000,012,576 | R--- | M] (Hewlett-Packard Co.)
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 19:42:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Skip\Desktop\OTL.exe
[2011/03/24 12:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Skip\Start Menu\Programs\CyberLink PowerDirector
[2011/03/19 16:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/03/19 15:52:22 | 000,000,000 | ---D | C] -- C:\http-
[2011/03/19 14:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2011/03/19 14:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Skip\My Documents\Flash Slideshow Maker Professional
[2011/03/19 14:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Skip\Start Menu\Programs\Flash Slideshow Maker Professional
[2011/03/19 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Slideshow Maker Professional
[2011/03/01 17:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP DeskJet 880C Series v11.1
[2011/03/01 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP DeskJet 880C Series
[2007/09/05 18:26:29 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/09/05 18:26:28 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/09/05 18:26:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/09/05 18:26:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/09/05 18:26:27 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/09/05 18:26:27 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/09/05 18:26:27 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/09/05 18:26:27 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/09/05 18:26:26 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/09/05 18:26:25 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/09/05 18:26:25 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2007/09/05 18:26:24 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2007/09/05 18:26:23 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/09/05 18:26:23 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2007/09/05 18:26:23 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 19:42:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skip\Desktop\OTL.exe
[2011/03/25 19:40:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 19:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 19:35:09 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\reset.bat
[2011/03/25 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/03/25 17:42:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{931E1E8D-9444-4173-AEC3-06BB86089D7C}.job
[2011/03/24 23:26:12 | 000,048,369 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\basscollege.jpg
[2011/03/24 23:19:31 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Skip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 22:39:55 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\CyberLink PowerDirector.lnk
[2011/03/21 15:20:29 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\stinger032111.exe.lnk
[2011/03/20 14:52:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/03/19 14:43:42 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\Flash Slideshow Maker Pro.lnk
[2011/03/19 14:12:09 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/03/19 11:31:08 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Skip\Local Settings\Application Data\fusioncache.dat
[2011/03/17 21:09:49 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/17 21:08:56 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Skip\Desktop\AVS Video Editor 4.lnk
[2011/03/17 16:59:28 | 000,473,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/17 16:59:28 | 000,084,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/16 03:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 17:23:01 | 000,173,890 | ---- | M] () -- C:\Documents and Settings\Skip\My Documents\PDR.dmp
[2011/03/05 17:19:49 | 000,927,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/01 17:52:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\HPFCSS12.INI
[2011/03/01 17:09:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\HPFTBX12.INI
[2011/03/01 17:09:01 | 000,004,404 | ---- | M] () -- C:\WINDOWS\System32\HPFlnk12.ini
[2011/03/01 17:06:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
[2011/03/01 17:04:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP DeskJet 880C Series v11.1 Toolbox.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 19:35:09 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\reset.bat
[2011/03/24 23:26:42 | 000,048,369 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\basscollege.jpg
[2011/03/24 12:28:26 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\CyberLink PowerDirector.lnk
[2011/03/21 15:20:33 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\stinger032111.exe.lnk
[2011/03/19 14:43:42 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\Flash Slideshow Maker Pro.lnk
[2011/03/19 11:31:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Skip\Local Settings\Application Data\fusioncache.dat
[2011/03/17 21:08:56 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\AVS Video Editor 4.lnk
[2011/03/11 17:28:42 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Skip\Desktop\AVS4YOU Software Navigator.lnk
[2011/03/01 17:09:03 | 000,000,528 | ---- | C] () -- C:\WINDOWS\HPFCSS12.INI
[2011/03/01 17:04:31 | 000,000,438 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/03/01 17:04:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP DeskJet 880C Series v11.1 Toolbox.lnk
[2011/03/01 17:04:05 | 000,000,264 | ---- | C] () -- C:\WINDOWS\HPFTBX12.INI
[2011/02/09 19:16:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/01/12 21:23:13 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Skip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/10 07:38:55 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010/11/10 07:38:55 | 000,002,145 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/27 12:52:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/10/05 15:41:08 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.exe
[2010/10/05 15:41:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2010/10/05 15:41:08 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/03/21 22:15:18 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Skip\Application Data\AVSMediaPlayer.m3u
[2009/10/08 23:40:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2009/07/03 17:20:11 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/03 17:20:11 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/25 21:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2009/03/15 21:07:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/09/06 08:43:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/06 08:43:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/06 08:43:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/06 08:43:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2008/01/28 19:56:16 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\ivfruxmw.ini
[2007/12/30 14:29:14 | 000,000,095 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/10/14 12:59:49 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2007/10/14 12:59:49 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2007/10/14 10:36:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2007/10/14 10:33:05 | 000,103,437 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/09/08 19:36:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/09/05 18:31:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2007/09/05 18:31:07 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/09/05 18:30:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2007/09/05 18:30:34 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2007/09/05 18:30:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2007/09/05 18:27:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/09/05 18:27:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/09/05 18:26:29 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/09/05 18:26:28 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/09/05 18:26:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/09/05 18:26:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/09/05 18:26:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/09/05 18:26:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/09/05 18:26:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/09/05 18:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/09/05 18:26:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/09/05 18:26:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/09/05 18:26:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007/02/04 15:49:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2006/11/29 19:43:04 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/11/22 21:42:01 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Skip\Application Data\dvd.bmk
[2006/11/04 11:22:32 | 000,000,060 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/09/28 18:49:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/20 22:04:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Skip\Application Data\PFP120JPR.{PB
[2006/08/20 22:04:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Skip\Application Data\PFP120JCM.{PB
[2006/08/15 00:46:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/27 08:33:47 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\ECC7B48995.sys
[2006/07/20 21:47:01 | 000,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/20 21:47:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9589B4C7EC.sys
[2006/07/01 20:09:54 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/06/23 18:53:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/08 04:59:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/08 04:56:16 | 000,000,278 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/08 04:52:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/08 04:50:39 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/08 04:45:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/08 04:21:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/08 04:21:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,927,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 04:18:33 | 000,473,250 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,084,556 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/03/02 22:26:29 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[1999/02/22 05:29:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[1999/02/12 05:24:30 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg12.exe
[1999/02/12 05:24:02 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk12.ini
[1999/02/12 05:24:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk12.exe
[1999/02/12 05:22:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx12.exe
[1999/02/12 05:18:40 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid12.exe
[1999/02/12 05:05:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl12.dll
[1999/02/12 05:05:04 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl12.dll
[1999/02/12 05:05:00 | 000,289,792 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl12.dll
[1999/02/12 05:04:56 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl12.dll
[1999/02/12 05:00:26 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\HPFcps12.dll
[1999/02/12 04:59:56 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r12.dll
[1999/02/12 04:58:46 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst12.dll
[1999/02/12 04:57:08 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl12.dll
[1999/02/12 04:49:56 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\HPFui12.dll
[1999/02/12 04:43:40 | 000,266,752 | ---- | C] () -- C:\WINDOWS\System32\HPFwin12.dll
[1999/02/12 04:40:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\HPFmon12.dll
[1999/02/12 04:39:28 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl12.dll
[1999/02/12 04:37:30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\HPFnet12.dll
[1999/02/12 04:37:16 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop12.dll
[1999/02/12 04:37:06 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml12.dll
[1999/02/12 04:37:00 | 000,138,428 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc12.dll
[1999/02/12 04:36:54 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem12.dll
[1999/02/12 04:36:50 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm12.dll
[1999/02/12 04:36:38 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom12.dll
[1999/02/12 04:35:48 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp12.sys
[1999/02/12 04:35:00 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu12.dll
[1999/02/12 04:34:32 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa12.dll
[1999/02/12 04:30:10 | 000,849,920 | ---- | C] () -- C:\WINDOWS\System32\HPFimg12.dll
[1999/02/12 04:26:50 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt12.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/05/01 06:47:16 | 000,185,344 | ---- | C] () -- C:\WINDOWS\frankcal.dll
[1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/03/03 06:43:48 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/03/03 06:38:58 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\c_037.nls:SummaryInformation
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >
skip77
Active Member
 
Posts: 6
Joined: March 21st, 2011, 6:53 pm

Extras.txt LOG

Post by skip77 » March 25th, 2011, 7:51 pm

OTL Extras logfile created on: 3/25/2011 7:43:56 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Skip\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 13.34 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.37 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
Drive E: | 528.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 1860.21 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 157.29 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: D3JTT3B1 | User Name: Skip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Skip\My Documents\Websites\Ipswitch\WS_FTP95.exe" = C:\Documents and Settings\Skip\My Documents\Websites\Ipswitch\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Disabled:Lexmark Communications System -- ( )
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Disabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\11g USB adapter\Wifiusb.exe" = C:\Program Files\11g USB adapter\Wifiusb.exe:*:Enabled:802.11g USB adapter -- (TECOM)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = SPC 900NC PC Camera
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37F79692-6F8A-487E-BF5A-A1E3227D9830}" = HFX Volume 2
"{3A438F62-00EE-4422-906B-6D9E107FC33F}" = Serif DrawPlus X2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{55485AA6-B3C8-4FEF-9A1E-09B7DE3DB589}" = Serif WebPlus X4 Bonus Content Pack
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{637099FB-45FD-4BC7-9651-6FB540DBB749}" = Roxio Backup MyPC
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE67144-F235-4FAB-8E0E-1C04D724B2CE}" = Studio Premium Pack 1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B174218F-22EA-45F4-B745-1EAF2F8C3722}" = Xara Xtreme 5
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}" = My Wal-Mart Digital Photo Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E731FFA5-5907-45B5-A4CB-62A32C134719}}_is1" = Media Resizer PRO
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"6485-4051-8654-1629" = PrintMaster 2.0 Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMCap" = AMCap
"Amorphium" = Amorphium
"Amorphium 3" = Amorphium 3
"AmorphiumPro" = AmorphiumPro
"AP Tuner 3.08" = AP Tuner 3.08
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"avast5" = avast! Internet Security
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.2.102
"AVS Video to Flash_is1" = AVS Video to Flash
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"C-Media PCI Sound" = Xtreme Sound PCI
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CuteSITE Builder" = CuteSITE Builder
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Easy-WebPrint" = Easy-WebPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 5.00
"FlashLynx" = FlashLynx Video Download Software
"Guitar Guru_is1" = Guitar Guru Version 2.2.0
"HP DeskJet 880C Series" = HP DeskJet 880C Series (Remove only)
"ie7beta3" = Windows Internet Explorer 7 Beta 3
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Logo Design Studio 3.5.2" = Logo Design Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Picture It! Express" = Microsoft Picture It! Express 2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.1 and Viewer
"MVApplication1" = Memorex exPressit Label Design Studio
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Personal Printing Guide" = Canon Personal Printing Guide
"PhoTagsExpress" = PhoTags Express
"PhotoStitch" = Canon Utilities PhotoStitch
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Professor Franklin" = Professor Franklin (Remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"SIM editor" = SIM editor 4.0
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"ToolBox" = NCH Toolbox
"Verizon SmartCall" = Verizon SmartCall
"vShare" = vShare Plugin
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works99Setup" = Microsoft Works Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1032026603-3943697925-929305998-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2011 5:06:01 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application pdr8.exe, version 8.0.0.3022, faulting module
unknown, version 0.0.0.0, fault address 0x022dfbf2.

Error - 3/15/2011 5:23:12 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application pdr8.exe, version 8.0.0.3022, faulting module
unknown, version 0.0.0.0, fault address 0x6ec733e4.

Error - 3/15/2011 9:29:52 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application pdr8.exe, version 8.0.0.3022, faulting module
unknown, version 0.0.0.0, fault address 0x6ec733e4.

Error - 3/18/2011 6:35:33 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application QuickTimePlayer.exe, version 7.60.92.0, faulting
module QuickTimePlayer.exe, version 7.60.92.0, fault address 0x0000130d.

Error - 3/19/2011 2:22:19 PM | Computer Name = D3JTT3B1 | Source = Application Hang | ID = 1002
Description = Hanging application Studio.exe, version 12.1.3.6605, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2011 12:07:58 PM | Computer Name = D3JTT3B1 | Source = ESENT | ID = 490
Description = svchost (1900) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/24/2011 12:07:58 PM | Computer Name = D3JTT3B1 | Source = ESENT | ID = 485
Description = svchost (1900) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 3/24/2011 1:41:43 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application pdr8.exe, version 8.0.0.3022, faulting module
unknown, version 0.0.0.0, fault address 0x022d8fd7.

Error - 3/24/2011 1:58:39 PM | Computer Name = D3JTT3B1 | Source = Application Error | ID = 1000
Description = Faulting application pdr8.exe, version 8.0.0.3022, faulting module
cledtkrn.dll, version 6.0.0.2815, fault address 0x0000afd3.

Error - 3/25/2011 6:47:18 PM | Computer Name = D3JTT3B1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.3822, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/14/2011 5:55:12 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/16/2011 3:20:12 AM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/17/2011 4:55:44 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/21/2011 1:28:47 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/23/2011 9:35:22 AM | Computer Name = D3JTT3B1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/23/2011 9:35:22 AM | Computer Name = D3JTT3B1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/24/2011 12:07:23 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/24/2011 10:40:55 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/25/2011 5:11:31 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Error - 3/25/2011 7:40:00 PM | Computer Name = D3JTT3B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgMfx86


< End of report >

Re: Suspected Adobe Update Virus - DDS Logs Included

Post by Dakeyras » March 26th, 2011, 9:40 am

Hi. :)

it seems to be working normally
Good.

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

vShare Plugin <-- Has undesirable characteristics.
Windows Internet Explorer 7 Beta 3 <-- Not required as you have IE8 installed.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Back up the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (MioNet) -- File not found
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1032026603-3943697925-929305998-1005\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} Reg Error: Key error. (iNotes6 Class)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2011/03/25 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 
C:\WINDOWS\System32\drivers\avgmfx86.sys

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
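
A fix script like the one in the post above can be read section by section before it is pasted into OTL. The Python below is an added example, not part of the original post or of OTL; the sample is shortened from the posted script, and treating a trailing /c in :Files as a command marker is an assumption about OTL's syntax.

```python
import re
# Constructed sample: a shortened copy of the fix script posted above.
SAMPLE_FIX = r"""
:OTL
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
:Files
ipconfig /flushdns /c
C:\WINDOWS\System32\drivers\avgmfx86.sys
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
:Commands
[EmptyTemp]
[Reboot]
"""

def split_sections(script):
    """Return {section name: [non-empty lines]} in the order the script lists them."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        header = re.match(r"^:(\w+)$", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is None:
            raise ValueError(f"line before first section header: {line!r}")
        elif line:
            current.append(line)
    return sections

def review(script):
    """Summarise what a fix script names, so it can be read before it is run."""
    s = split_sections(script)
    otl, files = s.get("OTL", []), s.get("Files", [])
    reg_values, key = [], None
    for line in s.get("Reg", []):
        if line.startswith("["):          # "[HKEY_...]" opens a registry key
            key = line.strip("[]")
        else:                             # '"name"="data"' sets a value under it
            name, _, data = line.partition("=")
            reg_values.append((key, name.strip('"'), data.strip('"')))
    return {
        "registry_entries": [l for l in otl if re.match(r"^O\d+ - ", l)],
        "streams": [l.split("->", 1)[1].strip() for l in otl if l.startswith("@Alternate Data Stream")],
        # Assumption: a trailing "/c" marks a command line rather than a file path.
        "shell_commands": [f[:-2].strip() for f in files if f.endswith("/c")],
        "drivers": [f for f in files if f.lower().endswith(".sys")],
        "reg_values": reg_values,
        "reboots": "[Reboot]" in s.get("Commands", []),
    }
```

Calling review() on the full script gives a short list of drivers, registry values and streams to check against what is actually installed before the fix is run.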

Re: Suspected Adobe Update Virus - DDS Logs Included

Unread postby skip77 » March 28th, 2011, 10:44 am

Dear Dakeyras, I had a problem after removing the vshare plugin and older IE 7 Beta 3 from my program list. When I rebooted, the hard drive took off at high speed and kept using 75% of system resources for more than 5 minutes solid - at which time I was concerned that some spyware was stealing my personal information etc., so I did a hard shutdown with power button. Not sure if that interruption or the previous 2 program removals caused the next problem but the machine would not boot to Windows afterward. I ran system diagnostics tests via the F2 and F12 interfaces on my computer and all tests passed. From F2 interface I could not boot to Windows in any of the Safe modes - I got a screen full of command lines for drivers that froze. In the Normal or Last Previous Successful options the Windows boot screen appeared but hard drive stopped midway into it and never a successful boot, ending in dark screen and froze. I could not find a recovery disk for my system and I had no choice but to take the tower to a local repair shop this morning. I am concerned that either it will not be repairable or they will try to charge me too much for the repair. I am not sure whether the VShare Plugin, IE 7 Beta 3 removals or the previous change to the .bat file caused the boot problem. I am sending this message from a public computer. Will log back into the forum when my machine is back up and running. Will check for a message from you then.
skip77
Active Member
 
Posts: 6
Joined: March 21st, 2011, 6:53 pm

Re: Suspected Adobe Update Virus - DDS Logs Included

Unread postby Dakeyras » March 28th, 2011, 11:47 am

Hi. :)

A most unfortunate turn of events indeed and you have my utmost sympathy. A pity you did not inform myself sooner as then we could have attempted to remedy the situation and continue with the Malware Removal process.

I have no idea what the local repair shop may attempt but most likely will try to invoke the recovery partition (it appears your machine may have such), perform a repair of the Operating System and or an actual reformat and reinstallation of the Windows Operating System.

If in the event it is any of the aforementioned depending on what else may be done to your machine you may have to reinstall all relevant Service Packs/Critical Updates and Security related software. Not a lot else I can say at this point and or advise apart from good luck and stay safe. However if in the event the local repair shop merely invokes a System Restore Point and nothing else do create a new topic requesting assistance.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Suspected Adobe Update Virus - DDS Logs Included

Unread postby Cypher » March 28th, 2011, 12:00 pm

As you have decided to take your computer to a local repair shop, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns