Missing rundll32 still missing

FuzzeeLogic · #1 March 29th, 2011, 10:13 PM

After reading CTH threads on “missing rundll32.exe” and relevant threads found with a Google search…my problems remain unsolved. All symptoms of a missing or corrupted rundll32.exe are present. I ran Malwarebytes several times and Combofix (twice). Searching my hard drive for “rundll32” returned 3 locations: C:\WINDOWS\$NtServicePackUninstall$; C:\WINDOWS\SYSTEM32; C:\WINDOWS\ServicePackFiles\i386. (The file version for these applications is 5.1.2600.5512.) This PC (Pentium 4/2.994 MHz/1.00 GB ram) is running XP Home Edition v.2002 with SP3. I don't have the install CD for the home edition, but I do have the install disk for XP Pro, which I run on my Toshiba laptop. I'm completely confused. Please help. (I’m UTC/GMT-8.)

Mosaic1 · #2 March 31st, 2011, 06:06 AM

It's not a good idea to run powerful tools without help.

Click this link to download OldTimer's OTL to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Next, click OTL.exe to open the scan display.(Vista and windows7 Users, right click on OTL.exe and t=click on Run As Administrator) At the top check "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

FuzzeeLogic · #3 March 31st, 2011, 07:35 PM

Will do.

FuzzeeLogic · #4 March 31st, 2011, 08:43 PM

1. Downloaded OTL.exe to the desktop.
2. Clicking on the icon opened up the "Open With" menu.
3. Closed the "Open With" menu.
4. Right-clicked on the OTL.exe icon.
5. Selected "Run as..." option which opened the application.
6. Selected "Scan all users."
7. Could not find the two .txt files you expected.
8. Ran multiple searches (.txt; OTL; Extras;all files modified today).
9. Ran OTL.exe with the 60-day scan option.
10. Could not locate the two report files.

FuzzeeLogic · #5 March 31st, 2011, 10:47 PM

Downloaded and ran OTL.exe in Safe Mode, which generated the two report files in the folder where they were supposed to be.

OTL logfile created on: 3/31/2011 2:28:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 779.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 45.28 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 266.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKE-86AB86A5C9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 14:25:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/03/31 14:25:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/05/28 12:32:34 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/02/28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/05 16:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2004/09/07 15:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/06/18 09:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/09 00:21:42 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/09/09 00:21:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 12:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/04/13 12:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/07 13:39:50 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/06/21 11:47:36 | 000,015,488 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/07/13 12:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/12/29 00:34:10 | 000,167,424 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004/09/07 15:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 15:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/29 14:12:00 | 000,017,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)
DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2002/07/01 19:30:16 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/04/16 18:44:02 | 000,032,710 | ---- | M] (DAVICOM Semiconductor, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-21-583907252-796845957-725345543-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avas t.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/25 11:26:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2010/03/09 12:03:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2011/03/26 07:29:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 10:06:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 07:29:30 | 000,000,000 | ---D | M]

[2009/12/29 14:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/25 09:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z03rh7r4.default\ext ensions
[2009/12/30 08:50:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z03rh7r4.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 15:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/24 13:07:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2004/11/12 20:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll

O1 HOSTS File: ([2011/02/13 01:50:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-583907252-796845957-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\poli cies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\poli cies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\poli cies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/09 13:18:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/15 07:13:57 | 000,000,184 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf c:\documents and settings\user\application data\iolo\) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

FuzzeeLogic · #6 March 31st, 2011, 10:49 PM

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/03/29 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/03/29 15:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/03/25 11:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/03/25 11:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/03/25 11:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/25 11:26:58 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/25 11:26:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/25 11:26:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/25 11:26:53 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/25 11:26:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/25 11:26:52 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/25 11:26:52 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/25 11:26:51 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/25 11:26:03 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/25 11:26:01 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/25 11:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/25 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/25 11:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
[2011/03/25 10:26:19 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/03/25 10:08:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/25 09:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/03/25 09:06:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/03/25 08:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/25 08:47:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/22 17:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pGlKcKfJpOe28101
[2011/03/20 23:50:16 | 000,000,000 | ---D | C] -- C:\b0acc128bfae2838cb
[2011/03/18 13:56:07 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\offreg.dll
[2011/03/15 17:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lGhGmPl08200
[2008/12/20 14:39:41 | 000,017,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys
[2006/08/15 19:37:43 | 002,075,704 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[83 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/31 14:25:39 | 000,532,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/31 14:25:39 | 000,106,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/31 14:21:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 14:10:29 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{77B59254-201B-4F40-B716-EAB83F42AB8E}.job
[2011/03/31 13:35:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 13:33:18 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-583907252-796845957-725345543-1004UA.job
[2011/03/31 10:21:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 09:33:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-583907252-796845957-725345543-1004Core.job
[2011/03/31 08:08:12 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 08:08:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-796845957-725345543-1004.job
[2011/03/31 08:07:44 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 17:20:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/29 10:18:34 | 000,000,279 | ---- | M] () -- C:\Shortcut to Local Disk (C).lnk
[2011/03/28 10:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-796845957-725345543-1004.job
[2011/03/25 11:29:39 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 11:26:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/25 11:26:52 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/25 10:41:53 | 000,377,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/03/25 10:39:56 | 000,193,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/03/25 10:25:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/03/25 08:46:31 | 004,302,235 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/03/23 14:50:53 | 000,091,836 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110323_145020.reg
[2011/03/22 17:39:50 | 000,001,328 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74r60suxv276s074m
[2011/03/11 01:54:14 | 000,087,688 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2011/03/11 01:53:30 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2011/03/11 01:53:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2011/03/11 01:36:40 | 002,234,552 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[83 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 10:18:34 | 000,000,279 | ---- | C] () -- C:\Shortcut to Local Disk (C).lnk
[2011/03/25 11:29:39 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 11:26:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/25 10:41:53 | 000,377,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/03/25 10:39:56 | 000,193,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/03/25 10:25:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/03/23 14:50:27 | 000,091,836 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110323_145020.reg
[2011/03/22 17:39:48 | 000,001,328 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74r60suxv276s074m
[2011/02/03 15:21:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2011/01/17 17:59:27 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/15 19:50:47 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/03/29 11:59:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/12/30 08:35:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/30 08:35:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/25 17:46:51 | 000,086,916 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/30 08:24:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/27 07:41:00 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/12/06 17:55:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/01 12:20:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2008/09/01 12:20:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008/09/01 12:17:37 | 000,003,815 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008/08/26 08:18:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/19 10:59:51 | 000,081,842 | ---- | C] () -- C:\WINDOWS\sp321544.dat
[2008/05/15 07:16:28 | 000,091,264 | ---- | C] () -- C:\WINDOWS\System32\fppjldyy.dll
[2008/05/15 04:55:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/05/15 04:55:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/05/15 04:55:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/05/14 09:11:32 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\uivliysj.dll
[2008/05/10 17:08:00 | 000,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008/03/29 18:29:39 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/03/29 18:29:39 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/03/29 18:29:39 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/03/29 18:29:39 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/03/29 18:29:39 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/03/29 18:29:39 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/03/29 18:29:39 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/03/29 18:29:39 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/03/29 18:29:39 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/03/29 18:29:39 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/03/29 18:29:39 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/03/29 18:29:39 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/03/29 18:29:39 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/03/29 18:29:39 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/03/29 18:29:39 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/03/29 18:29:39 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/03/29 18:29:39 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/03/29 18:29:39 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/03/29 18:29:39 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/17 11:21:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/11 07:46:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2007/09/03 08:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/09/01 13:40:32 | 000,002,180 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/05/05 04:08:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WBLOCKSP.INI
[2007/05/02 08:29:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/02/04 12:10:38 | 000,000,414 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/02/04 12:10:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/30 12:50:44 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/01/23 16:15:22 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/18 20:13:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/10/13 13:22:25 | 000,017,920 | ---- | C] () -- C:\WINDOWS\WebFerretUninstall.exe
[2006/10/13 13:22:25 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\NetFerret.dll
[2006/10/07 08:33:07 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WB3USER.INI
[2006/09/09 11:25:13 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/09/09 08:37:20 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2006/09/09 08:24:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/15 19:56:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/11 21:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/10 09:08:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/10 07:26:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/10 07:26:40 | 000,005,693 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/10 06:50:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2006/08/09 13:20:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/09 13:16:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/09 06:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/09 06:03:25 | 000,380,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/24 12:44:42 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2006/04/24 12:44:42 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.b in
[2006/04/18 15:48:14 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2006/04/18 15:47:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006/04/18 15:47:40 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/04/18 15:47:30 | 000,005,044 | ---- | C] () -- C:\WINDOWS\System32\pqsperf.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,532,252 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,106,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/07/01 18:44:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000035.DLL
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/08/20 14:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\(=Ø:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

FuzzeeLogic · #7 March 31st, 2011, 10:58 PM

OTL Extras logfile created on: 3/31/2011 2:28:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 779.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 45.28 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 266.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKE-86AB86A5C9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-583907252-796845957-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\FerretSoft\WebFerret\WebFerret.exe" = C:\Program Files\FerretSoft\WebFerret\WebFerret.exe:*:Enabled :WebFerret 5.0 -- (CNET Networks)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EDSINSTANCE)
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}" = Windows Rights Management Client
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7279647E-8661-48DF-998E-E7DCC3E6955D}" = Microsoft Office Live Meeting 2005
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A42F680-2DD6-11D4-9A8C-0040F6982C20}" =
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92596597-71B3-4608-8628-AD48F2664EB9}" = Retrospect 7.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}" = Opera 9.60
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FC656543-4E4C-46F8-86F0-F9F907ABE5FD}" = HP LaserJet Toolbox
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Branding" =
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Connection Manager" =
"Defraggler" = Defraggler (remove only)
"DirectDrawEx" =
"E-mail Extractor_is1" = E-mail Extractor v.2.2
"Fontcore" =
"FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD 0096.1" = FOX News Live Stream
"Good Keywords Gold_is1" = Good Keywords Gold v2.0.100107
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Good Keywords v3_is1" = Good Keywords v3 042209
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"IM ToolPad_is1" = IM ToolPad v2008.091907
"InCD!UninstallKey" =
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MobileOptionPack" =
"Mozilla Firefox (3.1b2)" = Mozilla Firefox (3.1b2)
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Nero - Burning Rom!UninstallKey" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SchedulingAgent" =

FuzzeeLogic · #8 March 31st, 2011, 11:00 PM

"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SnagIt7" = SnagIt 7
"SystemRequirementsLab" = System Requirements Lab
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"Visioneer OneTouch 7300" = Visioneer OneTouch 7300
"WebCEO70_is1" = Web CEO 7.5
"WebFerret" = WebFerret
"WIC" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer's Blocks" = Writer's Blocks
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2011 12:31:31 AM | Computer Name = MIKE-86AB86A5C9 | Source = MSSQL$EDSINSTANCE | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.

Error - 3/30/2011 10:37:42 AM | Computer Name = MIKE-86AB86A5C9 | Source = MSSQL$EDSINSTANCE | ID = 15466
Description = An error occurred during decryption.

Error - 3/30/2011 10:37:52 AM | Computer Name = MIKE-86AB86A5C9 | Source = MSSQL$EDSINSTANCE | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.

Error - 3/30/2011 11:22:30 PM | Computer Name = MIKE-86AB86A5C9 | Source = Windows Search Service | ID = 3102
Description =

Error - 3/30/2011 11:24:18 PM | Computer Name = MIKE-86AB86A5C9 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 3/30/2011 11:24:21 PM | Computer Name = MIKE-86AB86A5C9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 3/30/2011 11:24:24 PM | Computer Name = MIKE-86AB86A5C9 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/31/2011 11:08:42 AM | Computer Name = MIKE-86AB86A5C9 | Source = MSSQL$EDSINSTANCE | ID = 15466
Description = An error occurred during decryption.

Error - 3/31/2011 11:08:52 AM | Computer Name = MIKE-86AB86A5C9 | Source = MSSQL$EDSINSTANCE | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.

Error - 3/31/2011 5:19:07 PM | Computer Name = MIKE-86AB86A5C9 | Source = Windows Search Service | ID = 3102
Description =

[ ODiag Events ]
Error - 8/11/2006 4:42:21 AM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 1/2/2007 11:21:27 AM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 64sh. Error code: N/A

[ OSession Events ]
Error - 2/7/2011 1:26:10 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 717
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/9/2011 10:49:57 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/10/2011 4:30:36 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/11/2011 5:22:08 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 174
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/14/2011 12:06:36 AM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 180
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/19/2011 12:49:17 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 235
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/23/2011 1:02:54 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 169
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/4/2011 12:16:53 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1545
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/17/2011 11:09:04 AM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 166
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/19/2011 9:24:11 PM | Computer Name = MIKE-86AB86A5C9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 161
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/31/2011 11:10:17 AM | Computer Name = MIKE-86AB86A5C9 | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 3/31/2011 11:10:17 AM | Computer Name = MIKE-86AB86A5C9 | Source = Print | ID = 23
Description = Printer PaperPort failed to initialize because a suitable PaperPort
Mono Printer Driver driver could not be found.

Error - 3/31/2011 11:10:17 AM | Computer Name = MIKE-86AB86A5C9 | Source = Print | ID = 23
Description = Printer PaperPort Color failed to initialize because a suitable PaperPort
Color Printer Driver driver could not be found.

Error - 3/31/2011 11:10:17 AM | Computer Name = MIKE-86AB86A5C9 | Source = Print | ID = 23
Description = Printer SnagIt 7 failed to initialize because a suitable SnagIt 7
Printer driver could not be found.

Error - 3/31/2011 3:18:01 PM | Computer Name = MIKE-86AB86A5C9 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/31/2011 3:18:01 PM | Computer Name = MIKE-86AB86A5C9 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/31/2011 3:18:01 PM | Computer Name = MIKE-86AB86A5C9 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/31/2011 3:18:01 PM | Computer Name = MIKE-86AB86A5C9 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/31/2011 5:22:03 PM | Computer Name = MIKE-86AB86A5C9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/31/2011 5:22:29 PM | Computer Name = MIKE-86AB86A5C9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm Lbd SASDIFSV SASKUTIL

< End of report >

Mosaic1 · #9 April 2nd, 2011, 06:18 AM

While in Safe Mode with networking:
Run otl.exe
Paste the contents of the code box into the Custom Scan box.
Click the run fix button.

Code:

:OTL

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
[83 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\(=Ø:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:Files
C:\Documents and Settings\All Users\Application Data\pGlKcKfJpOe28101
C:\b0acc128bfae2838cb
C:\Documents and Settings\All Users\Application Data\74r60suxv276s074m
C:\Documents and Settings\All Users\Application Data\lGhGmPl08200
C:\Documents and Settings\All Users\Application Data\74r60suxv276s074m
C:\WINDOWS\System32\fppjldyy.dll
C:\WINDOWS\System32\uivliysj.dll
C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc


/MD5START
rundll32.exe 
/MD5STOP 

:Commands
[EMPTYTEMP]

This is going to reboot the system. Let it boot to regular windows. Post the contents of the log it will produce and open.

We'll have more to do.

FuzzeeLogic · #10 April 3rd, 2011, 04:57 PM

When the reboot executes to regular Windows (after running OTL w/code), it presents an "Open With" menu, not the log files I was expecting. Can I reboot back into Safe Modem, and will OTL produce the log files as expected?

Mosaic1 · #11 April 3rd, 2011, 10:24 PM

Which program does it list as needing to use open with? If the logs,open wth notepad.

IF otl.exe ,then open with Otl.exe.

Let me know if that works.

FuzzeeLogic · #12 April 4th, 2011, 09:33 PM

1. Bottom line: Neither worked.
2. Using Notepad from the "Open With" produced a text file of gibberish.
3. Attempting the "OTL.exe" approach (OTL was not listed as an option on the Open With menu), I found a "_OTL" folder on the C:\\, but it doesn't contain any .exe extensions.
4. Found a possible work-around in the form of a recommendation for individuals who couldn't open .exe applications: Download OTL.exe as OTL.com, or OTL.scr.
5. I downloaded the OTL.com option to my Downloads folder. Magically, that download installed an OTL.exe listing in the Open With menu.
6. I then chose OTL to open the Notepad files.
7. As soon as I hit the Enter button the Open With menu disappeared for about 7-8 seconds; then, the blue screen I was looking at refreshed itself and next, in a nano-second flash, I saw what I bet was a Notepad file trying to open. (I do mean a nano-second flash.)
8. Then the desktop appeared with my normal icons.
9. Then, nothing more.

Mosaic1 · #13 April 5th, 2011, 12:36 AM

Quote:

Using Notepad from the "Open With" produced a text file of gibberish.

That wasn't gibberish. That was Otl.exe. You actually opened otl.exe in notepad.

When the open with box appears, you can choose Other program and then guide to the location of otl.exe

Look for otl.txt and then check the date created.

FuzzeeLogic · #14 April 5th, 2011, 01:13 AM

Will do. Back in about twelve hours.

FuzzeeLogic · #15 April 5th, 2011, 05:02 PM

1. Below is an example of the gibberish created when I rebooted into Regular Windows (after running OTL with your code in the Custom Scan Code box).
____________________________________________
MZP ÿÿ ¸ @ º ´ Í!¸LÍ!This program must be run under Win32
$7 PE L ^B* à Ž † ¾ @ ð# TÈ @ „ß# À# ì# D CODE °# ª PEC2O ` à.rsrc 0 À# . ® à ¸Èëc Pdÿ5 d‰% 3À‰PECompact2 _¬“öÚJ>bd„I¡·?Àý
*wÒÚìJ[þçIlŠÏ
vDŒçul"é<Cçþx JR['ÈíiÊºË®ÞiàÒ'€.”j½]¾ÇÉ<¸³÷YO™Ò®º˜4 5]eÜäµ´îÑ,£þW·]Òé¥/îZËkº×Ïn}ISi˜Ì7è×îZKdŒ’·eÐ(péKê•û:îøÍ"ô–u±„£G FOÏöO:0ú¯´9yŽé b‘rq-$sU¶ª•í«ïºà?Nº[ ‹IèöNåFžDÒÛI;ô¿c3b>/y(¿oÆOx† üù} ´#ˆµ
C•Áê½ÿá[l:‚ØÁ×õ,¤‚@ý3Òÿ£C¼îó DÑd[ ¹†*Š¾ÉÊÙ¢Ú6W”ÊNù¿¤Â¡Ú`áÀ·¬:_ŸEîMRcŽ]Ê·±éÀKØF‚îFŒáÆË
Ñ“w¢‘oÏì0ÚûÌnížµ+ÆÁ¼
=*nÕ¿CD,jp]‚6™Qã!S½”–wº·Ê–S/ép?´mío4¬¼öâ…A±(LãÖ~¿,Î`Ù*ž§ÉezD»I®Ö¶‰7¯ óahCiW†8õ~ß¤¨.¯Ê#uŸ©á}ŠzL/”örË’îÁ¢ÍHSÆ>!,ˆq?,4÷Ä«Ziÿø 3Í˜¯¹m‚ˆý•åŒŒÖÎHV_«Õ{~:GÄÐÅ¢™ÅèÐ'ä=4…‹-|¥Us-ùMÕø–~s¶VŠdîk82¸º!ŠFR}«X¦ŠÃÙ…÷r¿/X0!N]@O¹Ž™Nµa7™…>(ˆÐzƒ·°–Íj+ÃZyrÉcaÀ± H.Z}b”ŸórÞÏðƒB¥ÌÊñž¦°Ñ{1å/„*È™x×‘Gxà§ìÐ3 ®Ò.ÿŠæ‹Fø’5’¯C£›ž'ÖO‘µr†ÌëDex$Å¦
kvÒ™Rcx}¦Ô5T»æÚO:ÄÒD¤Ü8Akr““ŽÌ üHÒÖ4°0"*¹óB‰˜½;Ýp†¦îM.€ÿ#y¬–¿‚XÅºm©)²ü”¹Z» ,Ø`Ú¨bFúÜºý¯öòìØÒšíÂ0ëNTó*e*
’
å²²\~‰F’°'ÎÝT‰?Æé{«Š³õRôDYuá•”îF¨>¢`
__________________________________________
Now I'll to try opening the Notepad files using OTL.exe.

Similar Topics
Topic	Topic Starter	Forum	Replies	Last Post
rundll32 missing	FuzzeeLogic	Windows XP	2	March 29th, 2011 10:11 PM
How Do I Fix a rundll32 thats missing?	Vampemo2	Malware Removal	67	January 29th, 2010 04:19 AM
rundll32 missing	nicash	Windows 98	5	October 7th, 2004 01:42 AM
Rundll32.exe missing.	NittleGrasper	Windows NT, 2000, 2003, 2008, 2012	2	July 17th, 2004 05:35 AM
rundll32 damaged or missing	esunadu	Windows ME	4	May 8th, 2004 12:05 AM