Help
This topic is locked
OTL.txt:
OTL logfile created on: 6/29/2011 5:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.56% Memory free
2.23 Gb Paging File | 1.58 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.66 Gb Free Space | 25.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.54% Space Free | Partition Type: FAT
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1862.36 Gb Total Space | 1821.59 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Computer Name: GS-C3NHB1U3L3TS | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (Graphics driver) -- File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: u4ffxtbr@Guffins.com:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/21 03:11:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/06/12 15:29:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:30:39 | 000,000,000 | ---D | M]
[2009/11/09 12:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/11/09 12:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/21 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions
[2010/11/04 07:46:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 08:45:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/11 08:29:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/06 09:46:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\2020Player@2020Technologies.com
[2010/10/01 10:45:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\support@predictad.com
[2011/03/11 10:14:07 | 000,009,946 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\searchplugins\Guffins.xml
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/27 21:48:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/12 15:29:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 22:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/12 15:29:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/10/26 22:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/12 07:43:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/11/06 11:20:16 | 000,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2010/01/01 02:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/01 11:19:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 02:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 02:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 02:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/06/28 07:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 13:13:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 16:44:07 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/29 17:25:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 22:04:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/28 21:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 14:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/28 14:49:21 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/27 21:49:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/27 21:46:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 21:46:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 21:46:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 21:46:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 21:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/27 21:46:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 10:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2011/06/18 10:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/06/18 10:27:31 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/12 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 15:30:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:30:20 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/12 15:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Secunia PSI
[2011/06/12 15:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/12 15:09:23 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/06/12 12:08:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 12:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/12 12:08:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 12:07:46 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:43:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/06/12 11:29:59 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/02 15:45:02 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/29 17:25:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 17:01:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/28 14:49:30 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/28 07:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 03:27:00 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 03:25:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/28 03:25:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 21:58:29 | 402,653,184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/27 21:49:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/27 21:48:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 21:44:16 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/27 21:17:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kxekoxaxedak.dat
[2011/06/27 11:25:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kgehuzel.bin
[2011/06/19 18:09:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/18 10:37:52 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:21:10 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/18 10:20:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:29:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:29:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:29:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/12 15:18:42 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:05:24 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 15:03:38 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 12:01:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:37:43 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/12 11:37:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/12 11:25:30 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/12 11:02:20 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 17:08:16 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/08 11:59:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2011/06/04 01:58:33 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/02 14:38:22 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/02 14:38:21 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/27 21:55:03 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/06/27 21:54:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/27 21:54:29 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/27 21:54:28 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/06/27 21:54:28 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Burn CD & DVDs with Roxio.lnk
[2011/06/27 21:54:28 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB.lnk
[2011/06/27 21:54:27 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/27 21:54:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 21:54:27 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/27 21:49:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/27 21:49:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/27 21:48:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 21:46:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 21:46:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 21:46:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 21:46:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 21:46:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 21:44:16 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/18 10:40:37 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:20:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:18:42 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:18:42 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/12 15:15:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/12 15:15:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/12 15:15:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/12 15:15:24 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoapMaker3.lnk
[2011/06/12 15:15:24 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/06/12 15:15:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/12 15:15:24 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/06/12 15:15:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/12 15:15:24 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/12 15:15:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/12 15:15:24 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cricut DesignStudio.lnk
[2011/06/12 15:15:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/12 15:15:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/12 15:15:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/12 15:15:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/06/12 15:15:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/12 15:15:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalBurner.lnk
[2011/06/12 15:09:05 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 11:06:42 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 16:38:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/09 16:38:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/09 16:38:23 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/03 11:46:16 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/03 11:45:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2011/04/03 01:31:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kxekoxaxedak.dat
[2011/04/03 01:31:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kgehuzel.bin
[2010/12/19 20:16:39 | 000,000,471 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2010/11/05 08:42:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/01 11:59:42 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/09/30 21:15:47 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/30 21:15:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/30 21:15:44 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/30 21:15:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/30 21:15:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/07 15:00:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 10:20:38 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 10:14:17 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/11/28 13:00:43 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2009/11/20 09:22:03 | 000,069,888 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 12:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/08 21:05:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/11/08 21:00:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2009/11/08 21:00:40 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2009/11/08 20:55:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/10/03 13:15:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 13:11:11 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 06:05:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 06:04:34 | 000,327,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/09/03 10:52:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 10:51:54 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 10:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2009/11/12 09:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/05 08:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/18 18:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/13 21:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/30 21:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2011/06/28 03:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2011/01/19 13:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2010/09/30 21:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FinalBurner Video DVD
[2010/12/19 20:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iScreensaver
[2010/12/19 20:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEGO Company
[2011/02/02 10:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SoapMakerData
[2011/04/04 09:01:26 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2011/06/28 03:25:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
< End of report >
Extras.txt:
OTL Extras logfile created on: 6/29/2011 5:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.56% Memory free
2.23 Gb Paging File | 1.58 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.66 Gb Free Space | 25.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.54% Space Free | Partition Type: FAT
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1862.36 Gb Total Space | 1821.59 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Computer Name: GS-C3NHB1U3L3TS | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.23.0.193
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C374853-D0D7-4503-9664-3A8D05D3C638}" = WD SmartWare
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64F06547-9B78-4B0A-9488-03998D366367}" = SoapMaker3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Cricut DesignStudio" = Cricut DesignStudio
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FileZilla Client" = FileZilla Client 3.3.5.1
"GoToAssist" = GoToAssist 8.0.0.514
"hp photosmart P1000 series_Driver" = hp photosmart P1000 series
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Macromedia Dreamweaver 2" = Macromedia Dreamweaver 2
"Macromedia Dreamweaver 3" = Macromedia Dreamweaver 3
"Macromedia Fireworks 3" = Macromedia Fireworks 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"UnityWebPlayer" = Unity Web Player (All users)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/11/2011 11:03:55 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module odoqepic.dll, version 0.0.0.0, fault address 0x00025e4b.
Error - 6/12/2011 3:26:18 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application taskmanager.exe, version 1.0.0.20, faulting module
taskmanager.exe, version 1.0.0.20, fault address 0x0000c942.
Error - 6/12/2011 1:45:59 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.
Error - 6/12/2011 5:32:46 PM | Computer Name = GS-C3NHB1U3L3TS | Source = iNOSSO® | ID = 0
Description =
Error - 6/13/2011 11:59:40 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module odoqepic.dll, version 0.0.0.0, fault address 0x00025e4b.
Error - 6/19/2011 8:10:03 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/28/2011 7:00:21 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/28/2011 11:54:29 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.
Error - 6/29/2011 12:12:45 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.
Error - 6/29/2011 7:34:47 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Application Hang | ID = 1002
Description = Hanging application OTL(1).exe, version 3.2.24.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 3/8/2011 1:03:12 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/28/2011 5:15:16 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/6/2011 11:09:22 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 221070
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/22/2011 12:37:42 PM | Computer Name = GS-C3NHB1U3L3TS | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 6/24/2011 4:54:29 PM | Computer Name = GS-C3NHB1U3L3TS | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 6/28/2011 12:01:04 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Graphics driver service
to connect.
Error - 6/28/2011 12:01:04 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7023
Description = The SAP Agent service terminated with the following error: %%126
Error - 6/28/2011 12:01:04 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD File Management Engine
service to connect.
Error - 6/28/2011 12:01:04 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7000
Description = The WD File Management Engine service failed to start due to the following
error: %%1053
Error - 6/28/2011 1:04:36 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD File Management Engine
service to connect.
Error - 6/28/2011 1:04:36 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7000
Description = The WD File Management Engine service failed to start due to the following
error: %%1053
Error - 6/28/2011 1:04:36 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD File Management Shadow
Engine service to connect.
Error - 6/28/2011 1:04:36 AM | Computer Name = GS-C3NHB1U3L3TS | Source = Service Control Manager | ID = 7000
Description = The WD File Management Shadow Engine service failed to start due to
the following error: %%1053
< End of report >
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
PC Performance & Stability/Windows XP Restore Have tried self help and still having problems
Back to top
#17
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,103
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 30 June 2011 - 05:57 PM
Open OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Then click the Run Fix button at the top
Let the program run unhindered.
When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please rerun OTL on scan and post the new log
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
[2011/06/27 21:17:12 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kxekoxaxedak.dat
[2011/06/27 11:25:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kgehuzel.bin
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
Then click the Run Fix button at the top
Let the program run unhindered.
When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please rerun OTL on scan and post the new log
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#18
- Member
-
- Group: Members
- Posts: 20
- Joined: 10-June 11
Posted 30 June 2011 - 06:43 PM
m0le -
Just a note for you, that when I went back into my content, it did not redirect me this time - yeah!!!
========== OTL ==========
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\WINDOWS\Kxekoxaxedak.dat moved successfully.
C:\WINDOWS\Kgehuzel.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
OTL by OldTimer - Version 3.2.24.2 log created on 06302011_174030
Just a note for you, that when I went back into my content, it did not redirect me this time - yeah!!!
========== OTL ==========
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\WINDOWS\Kxekoxaxedak.dat moved successfully.
C:\WINDOWS\Kgehuzel.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
OTL by OldTimer - Version 3.2.24.2 log created on 06302011_174030
#19
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,103
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 30 June 2011 - 07:18 PM
That's encouraging. Please run OTL again and post the log. 
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#20
- Member
-
- Group: Members
- Posts: 20
- Joined: 10-June 11
Posted 30 June 2011 - 09:15 PM
m0le -
I was working on that when I posted the other log
. Here is the OTL log, but it did redirect me this time 
.
OTL logfile created on: 6/30/2011 5:44:43 PM - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.05% Memory free
2.23 Gb Paging File | 1.59 Gb Available in Paging File | 71.21% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.63 Gb Free Space | 25.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.54% Space Free | Partition Type: FAT
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1862.36 Gb Total Space | 1821.56 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Computer Name: GS-C3NHB1U3L3TS | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (Graphics driver) -- File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: u4ffxtbr@Guffins.com:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:30:39 | 000,000,000 | ---D | M]
[2009/11/09 12:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/03/21 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions
[2010/11/04 07:46:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 08:45:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/11 08:29:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/06 09:46:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\2020Player@2020Technologies.com
[2010/10/01 10:45:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\support@predictad.com
[2011/03/11 10:14:07 | 000,009,946 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\searchplugins\Guffins.xml
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/12 15:29:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 22:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/12 15:29:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/01 11:19:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 02:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 02:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/06/28 07:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 13:13:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 16:44:07 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/30 17:40:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/29 17:25:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 22:04:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/28 21:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 14:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/28 14:49:21 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/27 21:49:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/27 21:46:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 21:46:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 21:46:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 21:46:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 21:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/27 21:46:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 10:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2011/06/18 10:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/06/18 10:27:31 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/12 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 15:30:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:30:20 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/12 15:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Secunia PSI
[2011/06/12 15:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/12 15:09:23 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/06/12 12:08:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 12:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/12 12:08:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 12:07:46 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:43:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/06/12 11:29:59 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/02 15:45:02 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/29 17:25:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 17:01:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/28 14:49:30 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/28 07:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 03:27:00 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 03:25:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/28 03:25:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 21:58:29 | 402,653,184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/27 21:49:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/27 21:48:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 21:44:16 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/19 18:09:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/18 10:37:52 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:21:10 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/18 10:20:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:29:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:29:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:29:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/12 15:18:42 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:05:24 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 15:03:38 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 12:01:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:37:43 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/12 11:37:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/12 11:25:30 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/12 11:02:20 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 17:08:16 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/08 11:59:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2011/06/04 01:58:33 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/02 14:38:22 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/02 14:38:21 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/27 21:55:03 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/06/27 21:54:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/27 21:54:29 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/27 21:54:28 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/06/27 21:54:28 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Burn CD & DVDs with Roxio.lnk
[2011/06/27 21:54:28 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB.lnk
[2011/06/27 21:54:27 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/27 21:54:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 21:54:27 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/27 21:49:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/27 21:49:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/27 21:48:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 21:46:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 21:46:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 21:46:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 21:46:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 21:46:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 21:44:16 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/18 10:40:37 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:20:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:18:42 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:18:42 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/12 15:15:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/12 15:15:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/12 15:15:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/12 15:15:24 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoapMaker3.lnk
[2011/06/12 15:15:24 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/06/12 15:15:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/12 15:15:24 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/06/12 15:15:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/12 15:15:24 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/12 15:15:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/12 15:15:24 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cricut DesignStudio.lnk
[2011/06/12 15:15:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/12 15:15:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/12 15:15:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/12 15:15:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/06/12 15:15:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/12 15:15:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalBurner.lnk
[2011/06/12 15:09:05 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 11:06:42 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 16:38:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/09 16:38:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/09 16:38:23 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/03 11:46:16 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/03 11:45:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2010/12/19 20:16:39 | 000,000,471 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2010/11/05 08:42:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/01 11:59:42 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/09/30 21:15:47 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/30 21:15:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/30 21:15:44 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/30 21:15:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/30 21:15:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/07 15:00:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 10:20:38 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 10:14:17 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/11/28 13:00:43 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2009/11/20 09:22:03 | 000,069,888 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 12:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/08 21:05:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/11/08 21:00:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2009/11/08 21:00:40 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2009/11/08 20:55:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/10/03 13:15:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 13:11:11 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 06:05:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 06:04:34 | 000,327,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/09/03 10:52:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 10:51:54 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 10:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >
I was working on that when I posted the other log
. Here is the OTL log, but it did redirect me this time .OTL logfile created on: 6/30/2011 5:44:43 PM - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.05% Memory free
2.23 Gb Paging File | 1.59 Gb Available in Paging File | 71.21% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.63 Gb Free Space | 25.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.54% Space Free | Partition Type: FAT
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1862.36 Gb Total Space | 1821.56 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Computer Name: GS-C3NHB1U3L3TS | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\User\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (Graphics driver) -- File not found
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: u4ffxtbr@Guffins.com:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:30:39 | 000,000,000 | ---D | M]
[2009/11/09 12:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/03/21 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions
[2010/11/04 07:46:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 08:45:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/11 08:29:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/06 09:46:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\2020Player@2020Technologies.com
[2010/10/01 10:45:04 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\extensions\support@predictad.com
[2011/03/11 10:14:07 | 000,009,946 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ix7fx9dm.default\searchplugins\Guffins.xml
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 15:30:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/12 15:29:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 22:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/12 15:29:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/01 11:19:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 02:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 02:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/06/28 07:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 13:13:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/29 16:44:07 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/30 17:40:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/29 17:25:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 22:04:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/28 21:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 14:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/28 14:49:21 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/27 21:49:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/27 21:46:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 21:46:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 21:46:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 21:46:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 21:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/27 21:46:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 10:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2011/06/18 10:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/06/18 10:27:31 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/12 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 15:30:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:30:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:30:20 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/12 15:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Secunia PSI
[2011/06/12 15:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/12 15:09:23 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 12:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/06/12 12:08:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 12:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/12 12:08:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 12:07:46 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:43:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/06/12 11:29:59 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/02 15:45:02 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/29 17:25:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2011/06/28 17:01:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/28 14:49:30 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/06/28 07:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/28 03:27:00 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 03:25:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/28 03:25:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 21:58:29 | 402,653,184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/27 21:49:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/27 21:48:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 21:44:16 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/19 18:09:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/18 10:37:52 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:21:10 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/06/18 10:20:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:29:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/12 15:29:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:29:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/12 15:29:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/12 15:18:42 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:05:24 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\User\Desktop\PSISetup.exe
[2011/06/12 15:03:38 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 12:01:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/06/12 11:37:43 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/12 11:37:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/12 11:25:30 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\123.exe
[2011/06/12 11:02:20 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 17:08:16 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/08 11:59:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2011/06/04 01:58:33 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/02 14:38:22 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/02 14:38:21 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/27 21:55:03 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/06/27 21:54:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/27 21:54:29 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/27 21:54:28 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/06/27 21:54:28 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Burn CD & DVDs with Roxio.lnk
[2011/06/27 21:54:28 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB.lnk
[2011/06/27 21:54:27 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/27 21:54:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 21:54:27 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/27 21:49:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/27 21:49:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/27 21:48:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 21:46:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 21:46:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 21:46:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 21:46:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 21:46:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 21:44:16 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\comfix.exe.lnk
[2011/06/18 10:40:37 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2011/06/18 10:24:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/06/18 10:20:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/06/12 15:18:42 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:18:42 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/12 15:15:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/12 15:15:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/12 15:15:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/12 15:15:24 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoapMaker3.lnk
[2011/06/12 15:15:24 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/06/12 15:15:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/12 15:15:24 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/06/12 15:15:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/12 15:15:24 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk
[2011/06/12 15:15:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/12 15:15:24 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cricut DesignStudio.lnk
[2011/06/12 15:15:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/12 15:15:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/12 15:15:24 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/06/12 15:15:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/06/12 15:15:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/12 15:15:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalBurner.lnk
[2011/06/12 15:09:05 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/06/12 12:08:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 11:06:42 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\User\Desktop\iExplore.exe
[2011/06/09 16:38:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044r
[2011/06/09 16:38:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22667044
[2011/06/09 16:38:23 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22667044
[2011/06/03 11:46:16 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\mlog
[2011/06/03 11:45:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ylog
[2010/12/19 20:16:39 | 000,000,471 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2010/11/05 08:42:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/01 11:59:42 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/09/30 21:15:47 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/30 21:15:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/30 21:15:44 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/30 21:15:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/30 21:15:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/07 15:00:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 10:20:38 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 10:14:17 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/11/28 13:00:43 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2009/11/20 09:22:03 | 000,069,888 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 12:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/08 21:05:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/11/08 21:00:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2009/11/08 21:00:40 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2009/11/08 20:55:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/10/03 13:15:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 13:11:11 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 06:05:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 06:04:34 | 000,327,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/09/03 10:52:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 10:51:54 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 10:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >
#21
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,103
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 03 July 2011 - 07:18 PM
Strange things going on here.
Please open the command prompt:
Start > Run > type cmd and then OK. Then type the following, into the black window:
Then tap the enter button on your keyboard.
You should see the following confirmation:
Next
Let’s try to reset the router to its default configuration.
Please open the command prompt:
Start > Run > type cmd and then OK. Then type the following, into the black window:
ipconfig /flushdns
Then tap the enter button on your keyboard.
You should see the following confirmation:
Quote
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Successfully flushed the DNS Resolver Cache.
Next
Let’s try to reset the router to its default configuration.
- This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
- Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
- If you don’t know the router's default password, you can look it up. HERE
- You also need to reconfigure any security settings you had in place prior to the reset.
- You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#22
- Member
-
- Group: Members
- Posts: 20
- Joined: 10-June 11
Posted 03 July 2011 - 11:32 PM
m0le -
I did those two things. I never saw anywhere to use the password or reset security settings. But, my internet is working - although my wireless light is not on. I do not use this often, so it is not currently a problem. However, I would like to have it working, for when I buy my new laptop - ha! ha!
I have gone back to this website and this post twice, without redirection, which is a plus.
I also did a reboot of my computer, and the first time an error warning popped up saying that something was not found. I was not quick enough to get it down on paper though, so I rebooted it a second time hoping to catch it. This time, however, it did not show up...
Maybe the router was not finished with whatever it was doing the first time???
I did those two things. I never saw anywhere to use the password or reset security settings. But, my internet is working - although my wireless light is not on. I do not use this often, so it is not currently a problem. However, I would like to have it working, for when I buy my new laptop - ha! ha!
I have gone back to this website and this post twice, without redirection, which is a plus.
I also did a reboot of my computer, and the first time an error warning popped up saying that something was not found. I was not quick enough to get it down on paper though, so I rebooted it a second time hoping to catch it. This time, however, it did not show up...
Maybe the router was not finished with whatever it was doing the first time???
#23
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,103
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 04 July 2011 - 06:10 PM
Even with a clean machine the router can still be hacked until reset.
Please read this: Malware Silently Alters Wireless Router Settings
It sounds like we're at the end of this fix. Please read and action the final instructions to complete the topic
You're clean. Good stuff!
Let's do some clearing up
If you used DeFogger now is the time to enable your CD emulation software again.
Uninstall ComboFix
Remove Combofix now that we're done with it.
We Need to Clean Up our Mess
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------
Here's some advice on how you can keep your PC clean
Use and update your AntiVirus Software
You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.
Make sure your applications have all of their updates
Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.
Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Finally, here's a treasure trove of antivirus, antimalware and antispyware resources
That's it veggiebin, happy surfing!
Cheers.
m0le
Please read this: Malware Silently Alters Wireless Router Settings
It sounds like we're at the end of this fix. Please read and action the final instructions to complete the topic
You're clean. Good stuff!
Let's do some clearing up
If you used DeFogger now is the time to enable your CD emulation software again.
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
(For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run) - Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
We Need to Clean Up our Mess
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
- Download OTC by OldTimer and save it to your desktop.
- Double click
icon to start the program. If you are using Vista, please right-click and choose run as administrator - Then Click the big
button. - You will get a prompt saying "Being Cleanup Process". Please select Yes.
- Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------
Here's some advice on how you can keep your PC clean
Use and update your AntiVirus Software
You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.
Make sure your applications have all of their updates
Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.
Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Finally, here's a treasure trove of antivirus, antimalware and antispyware resources
That's it veggiebin, happy surfing!
Cheers.
m0le
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#24
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,103
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 10 July 2011 - 04:58 PM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
