
High CPU usage, can not find what virus or malware is causing this


  • This topic is locked
17 replies to this topic

#1 BobJ99

BobJ99

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 24 November 2009 - 03:22 PM

My CPU usage has started to peg on me and is slowing my computer down. I was running AVG (free) and Ad-Aware and doing scans on a regular basis. These programs have worked in the past for me, but have been unable to repair or find the problems this time. I downloaded and installed the PC Tools antivirus and malware package. This cleaned up the computer some, but I can not get rid of the CPU spikes and slowing down of my computer. Any assistance will be greatly appreciated. Thank you.


DDS (Ver_09-11-24.02) - NTFSx86
Run by Bob Johnson at 11:40:23.57 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1161 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bob Johnson\Local Settings\Temporary Internet Files\Content.IE5\F01O5B15\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Motive SmartBridge] c:\progra~1\verizo~1\smartb~1\MotiveSB.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [RunOnce2Upd] "c:\windows\system32\KB_963493.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digima~1.lnk - c:\program files\samsung\digimax viewer 2.1\STImgBrowser.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~1.lnk - c:\program files\verizon online\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\bob johnson\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224535446500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224619769890
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.29.11/ttinst.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system3

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-29 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-22 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-23 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-22 333192]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-22 229304]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-22 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-22 358600]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-22 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-23 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 Unis51;Unis51;c:\windows\system32\unis51.sys --> c:\windows\system32\Unis51.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

=============== Created Last 30 ================

2009-11-24 19:00:36 0 d-----w- c:\program files\Trend Micro
2009-11-23 20:03:08 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 20:03:08 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-11-23 20:03:08 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 02:46:21 883 ----a-w- c:\windows\RegSDImport.xml
2009-11-23 02:46:21 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-23 02:46:21 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-23 02:46:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-23 02:46:21 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-23 02:46:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-23 02:46:21 131 ----a-w- c:\windows\IDB.zip
2009-11-23 02:46:21 1152470 ----a-w- c:\windows\UDB.zip
2009-11-23 02:31:16 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-23 02:31:16 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-23 02:31:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-23 02:31:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-23 02:31:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-23 02:31:08 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-23 02:31:02 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-23 02:31:02 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-23 02:30:56 0 d-----w- c:\program files\Spyware Doctor
2009-11-23 02:30:56 0 d-----w- c:\program files\common files\PC Tools
2009-11-23 02:30:56 0 d-----w- c:\docume~1\bobjoh~1\applic~1\PC Tools
2009-11-23 02:30:56 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-23 01:16:47 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-22 20:00:17 0 d--h--w- C:\$AVG
2009-11-22 19:59:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 19:59:51 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-22 19:59:51 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-22 19:59:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 19:59:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 19:59:38 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-22 19:59:11 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-22 19:24:17 0 d-----w- c:\windows\SxsCaPendDel
2009-11-22 01:19:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll.old
2009-11-15 14:01:35 0 d-----w- c:\docume~1\bobjoh~1\applic~1\ZoomBrowser EX
2009-11-15 13:40:22 0 d-----w- c:\docume~1\bobjoh~1\applic~1\CameraWindowDC
2009-11-15 13:40:21 0 d-----w- c:\docume~1\bobjoh~1\applic~1\CANON INC
2009-10-30 00:58:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 00:58:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 00:52:28 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

==================== Find3M ====================

2009-10-30 00:58:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-18 12:20:32 13612 -c--a-w- c:\program files\common files\enalupu.ban
2008-10-18 12:20:32 12545 -c--a-w- c:\program files\common files\nepimykiq.dl
2008-10-18 12:20:32 10814 -c--a-w- c:\program files\common files\usajez.inf
2008-10-18 12:20:31 12369 -c--a-w- c:\program files\common files\qatut.bin
2008-10-18 06:03:48 17254 -c--a-w- c:\program files\common files\ohify.lib
2008-10-18 06:03:48 13372 -c--a-w- c:\program files\common files\ezujilaq.scr
2008-10-18 06:03:48 10596 -c--a-w- c:\program files\common files\cakyg.vbs
2008-10-20 20:10:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081021\index.dat

============= FINISH: 11:43:49.14 ===============



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 29 November 2009 - 03:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 BobJ99

BobJ99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 30 November 2009 - 01:45 PM

Here are the OTL reports. Thank you.

OTL logfile created on: 11/30/2009 10:29:03 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\Bob Johnson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.76% Memory free
3.35 Gb Paging File | 2.32 Gb Available in Paging File | 69.24% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 13.59 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Bob Johnson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 10:28:39 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
PRC - [2009/10/08 13:14:00 | 00,140,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFUN.exe
PRC - [2009/10/08 13:13:54 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/25 11:19:43 | 17,317,008 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Wow.exe
PRC - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/09/22 17:11:32 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/05/13 17:11:14 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/11/11 17:50:15 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 10:28:39 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
MOD - [2009/10/08 13:14:02 | 00,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/09/29 16:30:56 | 00,147,992 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (avg8wd)
SRV - [2009/10/08 13:13:54 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/17 21:55:07 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2005/05/13 17:11:14 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/05/13 17:11:14 | 00,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/22 11:59:46 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/22 11:59:43 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/08 13:14:10 | 00,059,664 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/10/08 13:14:10 | 00,033,552 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/10/08 13:14:08 | 00,051,984 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/09/24 08:55:46 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/23 16:10:06 | 00,207,280 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/03 09:45:12 | 00,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/06/09 06:57:12 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/26 15:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/07 20:55:01 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2005/07/07 20:55:01 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/07/07 20:55:01 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/06/20 06:08:44 | 02,324,480 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/13 17:03:52 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/05/13 17:03:30 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/05/13 07:03:25 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/04/05 11:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 11:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/04/07 14:42:18 | 00,007,296 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\Wbhwdoct.sys -- (WBHWDOCT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-842925246-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1645522239-842925246-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1645522239-842925246-839522115-1004\S-1-5-21-1645522239-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-842925246-839522115-1004\S-1-5-21-1645522239-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1645522239-842925246-839522115-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1645522239-842925246-839522115-1004..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Bob Johnson\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Bob Johnson\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1645522239-842925246-839522115-1004\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1224535446500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1224619769890 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.29.11/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/17 21:58:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/27 16:29:03 | 00,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:55 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:55 | 00,715,840 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:49 | 00,000,179 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/30 10:28:31 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
[2009/11/24 11:01:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Desktop\hijackthis
[2009/11/24 11:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/23 12:03:08 | 00,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/11/23 12:03:08 | 00,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/11/23 12:03:08 | 00,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/11/22 18:51:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\Threat Expert
[2009/11/22 18:46:21 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/11/22 18:46:21 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/11/22 18:46:21 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/11/22 18:31:16 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/22 18:31:08 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/22 18:31:08 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/22 18:31:02 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\PC Tools
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/22 18:30:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/22 12:00:17 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/22 11:59:52 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/22 11:59:51 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/11/22 11:59:51 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/11/22 11:59:50 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/22 11:59:46 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/22 11:59:43 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/22 11:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/22 11:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/22 11:24:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/11/21 17:19:57 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.old
[2009/11/15 06:01:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\ZoomBrowser EX
[2009/11/15 05:40:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\CameraWindowDC
[2009/11/15 05:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\CANON INC
[2008/02/07 05:03:35 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/30 10:28:39 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
[2009/11/30 10:23:35 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/30 10:19:19 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/11/30 10:19:18 | 00,000,899 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 10:19:18 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/30 10:17:55 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 10:17:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 10:17:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 09:29:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/11/29 17:58:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/29 13:51:07 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\default.pls
[2009/11/29 13:50:27 | 07,602,176 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\ntuser.dat
[2009/11/29 13:48:12 | 00,223,232 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 06:07:08 | 16,106,12736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/11/25 10:52:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 04:14:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Bob Johnson\ntuser.ini
[2009/11/24 11:00:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\Desktop\HijackThis.lnk
[2009/11/22 18:31:05 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/22 11:59:52 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/22 11:59:52 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/11/22 11:59:51 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/11/22 11:59:51 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/11/22 11:59:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/22 11:59:46 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/22 11:59:43 | 45,565,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:59:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/22 11:59:43 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/22 11:59:38 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/22 11:59:38 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/22 11:59:38 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/22 08:03:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/21 20:32:06 | 00,000,940 | ---- | M] () -- C:\WINDOWS\disney.ini
[2009/11/21 19:38:18 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.old
[2009/11/12 12:02:27 | 00,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/01 06:50:17 | 00,550,500 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 06:50:17 | 00,463,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 06:50:17 | 00,076,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 11:00:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Desktop\HijackThis.lnk
[2009/11/22 19:39:04 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/11/22 18:46:21 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/22 18:46:21 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/22 18:46:21 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/22 18:46:21 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/22 18:46:21 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/22 18:31:16 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/22 18:31:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/22 18:31:08 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/22 18:31:05 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/22 18:31:02 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/22 11:59:52 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/11/22 11:59:43 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/22 11:59:38 | 45,565,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:59:38 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/22 11:59:38 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/22 11:59:38 | 00,098,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/02 12:16:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/02/25 06:54:01 | 00,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2008/10/18 04:20:32 | 00,018,634 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\opucahiqy.db
[2008/10/18 04:20:32 | 00,014,844 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\abalu.bat
[2008/10/18 04:20:32 | 00,014,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zokani._dl
[2008/10/18 04:20:32 | 00,013,612 | ---- | C] () -- C:\Program Files\Common Files\enalupu.ban
[2008/10/18 04:20:32 | 00,012,545 | ---- | C] () -- C:\Program Files\Common Files\nepimykiq.dl
[2008/10/18 04:20:32 | 00,012,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\najomisi.ban
[2008/10/18 04:20:32 | 00,012,395 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\vino.ban
[2008/10/18 04:20:32 | 00,011,876 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\boxu.ban
[2008/10/18 04:20:32 | 00,010,814 | ---- | C] () -- C:\Program Files\Common Files\usajez.inf
[2008/10/18 04:20:31 | 00,013,871 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\yketagedo.ban
[2008/10/18 04:20:31 | 00,012,369 | ---- | C] () -- C:\Program Files\Common Files\qatut.bin
[2008/10/17 22:03:48 | 00,019,951 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ehugoj.dl
[2008/10/17 22:03:48 | 00,019,812 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\vimewilo.db
[2008/10/17 22:03:48 | 00,019,497 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\urava.dat
[2008/10/17 22:03:48 | 00,017,254 | ---- | C] () -- C:\Program Files\Common Files\ohify.lib
[2008/10/17 22:03:48 | 00,016,395 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\eqyxobegal.inf
[2008/10/17 22:03:48 | 00,014,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gihopy._sy
[2008/10/17 22:03:48 | 00,013,372 | ---- | C] () -- C:\Program Files\Common Files\ezujilaq.scr
[2008/10/17 22:03:48 | 00,013,251 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\xezas.ban
[2008/10/17 22:03:48 | 00,012,926 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\pupi.scr
[2008/10/17 22:03:48 | 00,012,678 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\wexowimog.dll
[2008/10/17 22:03:48 | 00,011,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lerug.lib
[2008/10/17 22:03:48 | 00,010,747 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\xykatiq.com
[2008/10/17 22:03:48 | 00,010,596 | ---- | C] () -- C:\Program Files\Common Files\cakyg.vbs
[2008/10/17 22:03:48 | 00,010,409 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\avyvumose.exe
[2008/09/19 13:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/07 05:03:36 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.log
[2008/02/07 05:03:35 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\inst.exe
[2008/02/07 05:03:35 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.cat
[2008/02/07 05:03:35 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.inf
[2007/09/09 13:41:51 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/07/08 06:35:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2007/05/04 10:09:44 | 00,000,090 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/05/30 15:47:59 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/04/23 09:49:49 | 00,005,059 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/23 09:49:49 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/20 17:52:54 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/08 08:58:30 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\fusioncache.dat
[2006/04/03 13:59:02 | 00,000,940 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/03/12 17:32:47 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2006/03/06 09:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/02/20 15:13:57 | 00,223,232 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/19 09:42:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/19 09:37:01 | 00,000,324 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2006/02/19 09:37:01 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Pf_setup.ini
[2006/02/19 09:36:14 | 00,157,032 | ---- | C] () -- C:\WINDOWS\System32\TwnPRO20.dll
[2006/02/19 09:35:07 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/19 09:35:07 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/19 09:35:07 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/19 09:35:06 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/02/19 09:35:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/19 09:33:27 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/02/19 09:33:27 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/02/19 09:33:09 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2006/02/19 09:27:11 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/02/18 10:50:49 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/02/18 10:50:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/17 22:04:48 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/02/17 19:41:11 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/17 19:41:04 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/10/13 18:17:26 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/13 18:17:26 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/13 18:17:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/13 18:17:20 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/13 18:17:20 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/13 18:17:18 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 11/30/2009 10:29:03 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\Bob Johnson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.76% Memory free
3.35 Gb Paging File | 2.32 Gb Available in Paging File | 69.24% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 13.59 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Bob Johnson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader: 6112
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Odds Maker\client.exe" = C:\Program Files\Odds Maker\client.exe:*:Enabled:Odds Maker Client -- ()
"C:\Documents and Settings\Bob Johnson\Local Settings\Temp\Blizzard Launcher Temporary - 22a51da8\Launcher.exe" = C:\Documents and Settings\Bob Johnson\Local Settings\Temp\Blizzard Launcher Temporary - 22a51da8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{149B898E-BDCA-11D7-B544-00105A845E81}" = ABITEQ
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{222285C2-037F-4AF9-83B3-B33A7288EC9D}" = Disney Mix It Plug-in
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{25EF00A1-F17B-11D6-88EA-000476CD2443}" = Verizon Online Support Center
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{2C8695AF-5219-4649-B30E-068BB49715AD}" = The Human Body in Health and Illness, 3rd Edition
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{412DD59E-4188-4EB9-83C2-7980BDF6BEB2}" = Digimax A6
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}" = ArcSoft PhotoImpression 4
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76703039-C98C-4e62-A12C-4D7066BE9985}" = The Sims™ 2 University Life Collection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.13
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}" = Digimax Viewer 2.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7B8B101-6620-43F6-8C2C-27030FD63820}" = EaseUs Disk Copy 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = The Sims™ Life Stories
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}" = Digimax Reader
"102 Dalmatians Activity Center" = 102 Dalmatians Activity Center
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe ActiveShare" = Adobe ActiveShare 1.3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG Free 8.5
"Axis and Allies" = Axis and Allies
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only)
"Browser Defender_is1" = Browser Defender 2.0.6.10
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DirectPrintUserGuide" = Canon Direct Print User Guide
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney's Toontown Online" = Disney's Toontown Online
"Dogz" = Dogz (remove only)
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD2one V2" = DVD2one V2.0.5
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab 6_is1" = DVDFab 6.0.6.0 (04/09/2009)
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.5.0
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.6.2
"DVDXCopyXpress" = DVDXCopy Xpress 3.0.2
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EOS Utility" = Canon Utilities EOS Utility
"ExtractNow_is1" = ExtractNow
"FLV Player" = FLV Player 2.0 (build 25)
"Free Realms Installer" = Free Realms Installer
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"HD Tach_is1" = HD Tach version 3
"HijackThis" = HijackThis 2.0.2
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Interactive Repair Manuals" = Interactive Repair Manuals
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFantasy 2000" = PhotoFantasy 2000
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickPar" = QuickPar 0.9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Scan-To-Web" = HP Scan-to-Web Wizard
"Silvestri Comp PN 3e" = Saunders Comprehensive Review for the NCLEX-PN® Examination, 3rd Edition
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"Spyware Doctor" = Spyware Doctor 7.0
"ToolBook II 6.1 Runtime Files" = ToolBook II 6.1 Runtime Files
"Trellix2DeinstKey9" = Trellix Web
"UltimateBet" = UltimateBet
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"World War II Online " = World War II Online
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-842925246-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Odds Maker" = Odds Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/28/2009 11:21:05 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/29/2009 8:14:53 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application TFService.exe, version 4.9.10.8, faulting module
TFE.dll, version 4.9.10.8, fault address 0x000093b3.

Error - 11/29/2009 8:38:28 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/29/2009 8:50:59 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/29/2009 8:55:50 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 11/29/2009 3:56:12 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pctbdcore.dll, version 2.0.6.10, fault address 0x000588c1.

Error - 11/29/2009 5:26:34 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02411cdc.

Error - 11/29/2009 11:11:35 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/29/2009 11:43:20 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/30/2009 12:05:44 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

[ System Events ]
Error - 11/20/2009 3:42:41 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/21/2009 12:28:49 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Unis51 service failed to start due to the following error: %%2

Error - 11/21/2009 8:42:27 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Unis51 service failed to start due to the following error: %%2

Error - 11/21/2009 8:51:38 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 11/21/2009 8:52:39 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/21/2009 6:31:00 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Unis51 service failed to start due to the following error: %%2

Error - 11/21/2009 6:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/21/2009 6:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/21/2009 8:27:51 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Unis51 service failed to start due to the following error: %%2

Error - 11/21/2009 8:45:14 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Unis51 service failed to start due to the following error: %%2


< End of report >

#4 myrti (Sillyberry) - Malware Study Hall Admin, 33,766 posts, Location: At home

Posted 01 December 2009 - 09:01 AM

Hi,

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either AVG or PC Tools.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2008/10/18 04:20:32 | 00,018,634 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\opucahiqy.db
    [2008/10/18 04:20:32 | 00,014,844 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\abalu.bat
    [2008/10/18 04:20:32 | 00,014,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zokani._dl
    [2008/10/18 04:20:32 | 00,013,612 | ---- | C] () -- C:\Program Files\Common Files\enalupu.ban
    [2008/10/18 04:20:32 | 00,012,545 | ---- | C] () -- C:\Program Files\Common Files\nepimykiq.dl
    [2008/10/18 04:20:32 | 00,012,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\najomisi.ban
    [2008/10/18 04:20:32 | 00,012,395 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\vino.ban
    [2008/10/18 04:20:32 | 00,011,876 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\boxu.ban
    [2008/10/18 04:20:32 | 00,010,814 | ---- | C] () -- C:\Program Files\Common Files\usajez.inf
    [2008/10/18 04:20:31 | 00,013,871 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\yketagedo.ban
    [2008/10/18 04:20:31 | 00,012,369 | ---- | C] () -- C:\Program Files\Common Files\qatut.bin
    [2008/10/17 22:03:48 | 00,019,951 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ehugoj.dl
    [2008/10/17 22:03:48 | 00,019,812 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\vimewilo.db
    [2008/10/17 22:03:48 | 00,019,497 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\urava.dat
    [2008/10/17 22:03:48 | 00,017,254 | ---- | C] () -- C:\Program Files\Common Files\ohify.lib
    [2008/10/17 22:03:48 | 00,016,395 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\eqyxobegal.inf
    [2008/10/17 22:03:48 | 00,014,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gihopy._sy
    [2008/10/17 22:03:48 | 00,013,372 | ---- | C] () -- C:\Program Files\Common Files\ezujilaq.scr
    [2008/10/17 22:03:48 | 00,013,251 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\xezas.ban
    [2008/10/17 22:03:48 | 00,012,926 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\pupi.scr
    [2008/10/17 22:03:48 | 00,012,678 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\wexowimog.dll
    [2008/10/17 22:03:48 | 00,011,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lerug.lib
    [2008/10/17 22:03:48 | 00,010,747 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\xykatiq.com
    [2008/10/17 22:03:48 | 00,010,596 | ---- | C] () -- C:\Program Files\Common Files\cakyg.vbs
    [2008/10/17 22:03:48 | 00,010,409 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\avyvumose.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double-click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please also provide a log from gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

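What the fix above does by hand is pick out a burst of files that were all created within the same second or two and scattered across Application Data and Common Files under made-up names, then hand the original OTL lines back to OTL under an :OTL header so it moves them. The script below automates that reading of an OTL "Files Created" listing. It is an added example written for this thread, not code from the post, from OTL or from BleepingComputer; the burst heuristic (several created files within a two-second window, spread over at least two user-writable data directories) and the list of directory markers are assumptions made here, and the sample log lines are constructed to resemble the entries in the post, with names and times changed, plus a few benign control lines that should not be flagged.

```python
"""Flag bursts of dropped files in an OTL "Files Created" listing.

Added example written for this thread; it is not code from the original
post, from OTL, or from BleepingComputer. The burst heuristic (several
files created within a couple of seconds of each other, spread over two
or more user-writable data directories) is an assumption made here to
approximate what a helper picks out of the log by eye.
"""
import re
from datetime import datetime, timedelta

# One OTL file-list line, e.g.
# [2008/10/18 04:20:32 | 00,018,634 | ---- | C] () -- C:\...\opucahiqy.db
# fields: timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Locations a non-admin dropper can write to on XP without any prompt
# (assumption: this set was chosen for the example, it is not taken from OTL).
USER_WRITABLE_MARKERS = (
    "\\application data\\",
    "\\program files\\common files\\",
    "\\temp\\",
)


def parse_line(line):
    """Return a dict for an OTL file-list line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "raw": line.strip(),
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "flag": m["flag"],
        "company": m["company"],
        "path": m["path"],
    }


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_drop_bursts(lines, window=timedelta(seconds=2), min_files=5, min_dirs=2):
    """Group created files by creation time and keep the bursts that land in
    several user-writable directories at once."""
    entries = [e for e in map(parse_line, lines) if e and e["flag"] == "C"]
    entries.sort(key=lambda e: e["ts"])
    bursts, current = [], []
    for e in entries:
        # start a new burst when the gap to the previous file exceeds the window
        if current and e["ts"] - current[-1]["ts"] > window:
            bursts.append(current)
            current = []
        current.append(e)
    if current:
        bursts.append(current)
    flagged = []
    for burst in bursts:
        hits = [e for e in burst if is_user_writable(e["path"])]
        dirs = {e["path"].rsplit("\\", 1)[0].lower() for e in hits}
        if len(hits) >= min_files and len(dirs) >= min_dirs:
            flagged.append(hits)
    return flagged


def otl_fix_block(burst):
    """Render a burst as an :OTL fix section, one original log line per file,
    which is the shape the fix in the post above uses."""
    return ":OTL\n" + "\n".join(e["raw"] for e in burst)


# Constructed sample, modelled on the entries in the post above (names and
# times changed); the last five lines are benign controls.
SAMPLE_LOG = r"""
[2009/11/30 21:14:05 | 00,018,634 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qobavyke.db
[2009/11/30 21:14:05 | 00,014,844 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efiru.bat
[2009/11/30 21:14:05 | 00,014,331 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wuzaly._dl
[2009/11/30 21:14:06 | 00,013,612 | ---- | C] () -- C:\Program Files\Common Files\ohudeza.ban
[2009/11/30 21:14:06 | 00,012,545 | ---- | C] () -- C:\Program Files\Common Files\nylik.dl
[2009/11/30 21:14:06 | 00,012,395 | ---- | C] () -- C:\Documents and Settings\User\Application Data\iquba.exe
[2009/11/30 09:02:11 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\sample.dll
[2009/11/29 18:40:00 | 00,001,024 | ---- | C] () -- C:\Program Files\Some Game\settings.ini
[2009/11/29 18:40:00 | 00,002,048 | ---- | C] () -- C:\Program Files\Some Game\keys.cfg
[2009/11/29 18:40:01 | 00,004,096 | ---- | C] () -- C:\Program Files\Some Game\data\level1.dat
[2009/11/28 10:00:00 | 00,000,512 | ---- | M] () -- C:\Documents and Settings\User\Application Data\notes.txt
"""

if __name__ == "__main__":
    for burst in find_drop_bursts(SAMPLE_LOG.splitlines()):
        print(otl_fix_block(burst))
```

The game installer's burst is ignored because it lands under its own Program Files folder rather than in the user-writable locations, and the single Microsoft file never reaches the five-file threshold; only the six-file drop across three data directories comes out as an :OTL block. Treat the result as a shortlist for a helper to review, not as something to run blindly, since a legitimate installer writing to Common Files within the same second can trip the same heuristic.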


#5 BobJ99 - Topic Starter, Members, 9 posts

Posted 01 December 2009 - 02:09 PM

I have to split this up into 2 posts. I also noticed that HelpAssistant is showing up as a user on my computer. I looked online and I believe that this is a virus/trojan/worm. I have deleted the file, but it continues to return on startup. I have not done anything else without your instruction, though. Thanks again.

OTL logfile created on: 12/1/2009 6:11:32 AM - Run 2
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\Bob Johnson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.95% Memory free
3.35 Gb Paging File | 2.51 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 21.47 Gb Free Space | 28.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Bob Johnson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- File not found
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (WBHWDOCT) -- C:\WINDOWS\system32\drivers\Wbhwdoct.sys (Winbond Electronics Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:24:11 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Bob Johnson\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Bob Johnson\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1224535446500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1224619769890 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.29.11/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/17 21:58:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/27 16:29:03 | 00,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:55 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:55 | 00,715,840 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/07/27 16:34:49 | 00,000,179 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/01 06:09:34 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/30 19:43:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Desktop\New Folder
[2009/11/30 19:07:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/11/30 10:28:31 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
[2009/11/24 11:01:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Desktop\hijackthis
[2009/11/24 11:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/23 12:03:08 | 00,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/11/23 12:03:08 | 00,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/11/23 12:03:08 | 00,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/11/22 18:51:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\Threat Expert
[2009/11/22 18:46:21 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/11/22 18:46:21 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/11/22 18:46:21 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/11/22 18:31:16 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/22 18:31:08 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/22 18:31:08 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/22 18:31:02 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\PC Tools
[2009/11/22 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/22 18:30:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/22 12:00:17 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/22 11:59:52 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/22 11:59:51 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/11/22 11:59:51 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/11/22 11:59:50 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/22 11:59:46 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/22 11:59:43 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/22 11:59:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/22 11:59:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/22 11:24:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/11/21 17:19:57 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.old
[2009/11/15 06:01:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\ZoomBrowser EX
[2009/11/15 05:40:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\CameraWindowDC
[2009/11/15 05:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob Johnson\Application Data\CANON INC
[2008/02/07 05:03:35 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/01 06:05:21 | 07,602,176 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\ntuser.dat
[2009/12/01 05:29:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/12/01 04:08:41 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/12/01 03:37:31 | 00,000,899 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/01 03:37:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/01 03:37:31 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/01 03:36:48 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 22:01:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 22:01:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 20:28:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Bob Johnson\ntuser.ini
[2009/11/30 10:28:39 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Johnson\Desktop\OTL.exe
[2009/11/29 17:58:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/29 13:51:07 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\default.pls
[2009/11/29 13:48:12 | 00,223,232 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 06:07:08 | 16,106,12736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/11/25 10:52:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 11:00:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bob Johnson\Desktop\HijackThis.lnk
[2009/11/22 18:31:05 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/22 11:59:52 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/22 11:59:52 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/11/22 11:59:51 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/11/22 11:59:51 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2009/11/22 11:59:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/22 11:59:46 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/22 11:59:43 | 45,565,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:59:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/22 11:59:43 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/22 11:59:38 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/22 11:59:38 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/22 11:59:38 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/22 08:03:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/21 20:32:06 | 00,000,940 | ---- | M] () -- C:\WINDOWS\disney.ini
[2009/11/21 19:38:18 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.old
[2009/11/12 12:02:27 | 00,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/01 06:50:17 | 00,550,500 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 06:50:17 | 00,463,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 06:50:17 | 00,076,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 11:00:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Desktop\HijackThis.lnk
[2009/11/22 19:39:04 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/11/22 18:46:21 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/11/22 18:46:21 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/22 18:46:21 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/11/22 18:46:21 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/11/22 18:46:21 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/11/22 18:31:16 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/22 18:31:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/22 18:31:08 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/22 18:31:05 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/22 18:31:02 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/22 11:59:52 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/11/22 11:59:43 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/22 11:59:38 | 45,565,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:59:38 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/22 11:59:38 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/22 11:59:38 | 00,098,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/02 12:16:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/02/25 06:54:01 | 00,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2008/09/19 13:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/07 05:03:36 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.log
[2008/02/07 05:03:35 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\inst.exe
[2008/02/07 05:03:35 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.cat
[2008/02/07 05:03:35 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\pcouffin.inf
[2007/09/09 13:41:51 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/07/08 06:35:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2007/05/04 10:09:44 | 00,000,090 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/05/30 15:47:59 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/04/23 09:49:49 | 00,005,059 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/23 09:49:49 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/20 17:52:54 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/08 08:58:30 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\fusioncache.dat
[2006/04/03 13:59:02 | 00,000,940 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/03/12 17:32:47 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2006/03/06 09:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/02/20 15:13:57 | 00,223,232 | ---- | C] () -- C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/19 09:42:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/19 09:37:01 | 00,000,324 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2006/02/19 09:37:01 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Pf_setup.ini
[2006/02/19 09:36:14 | 00,157,032 | ---- | C] () -- C:\WINDOWS\System32\TwnPRO20.dll
[2006/02/19 09:35:07 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/19 09:35:07 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/19 09:35:07 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/19 09:35:06 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/02/19 09:35:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/19 09:33:27 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/02/19 09:33:27 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/02/19 09:33:09 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2006/02/19 09:27:11 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/02/18 10:50:49 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/02/18 10:50:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/17 22:04:48 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/02/17 19:41:11 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/17 19:41:04 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/10/13 18:17:26 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/13 18:17:26 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/13 18:17:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/13 18:17:20 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/13 18:17:20 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/13 18:17:18 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


========== OTL ==========
C:\Documents and Settings\All Users\Application Data\opucahiqy.db moved successfully.
C:\Documents and Settings\All Users\Application Data\abalu.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\zokani._dl moved successfully.
C:\Program Files\Common Files\enalupu.ban moved successfully.
C:\Program Files\Common Files\nepimykiq.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\najomisi.ban moved successfully.
C:\Documents and Settings\Bob Johnson\Application Data\vino.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\boxu.ban moved successfully.
C:\Program Files\Common Files\usajez.inf moved successfully.
C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\yketagedo.ban moved successfully.
C:\Program Files\Common Files\qatut.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\ehugoj.dl moved successfully.
C:\Documents and Settings\Bob Johnson\Application Data\vimewilo.db moved successfully.
C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\urava.dat moved successfully.
C:\Program Files\Common Files\ohify.lib moved successfully.
C:\Documents and Settings\Bob Johnson\Application Data\eqyxobegal.inf moved successfully.
C:\Documents and Settings\All Users\Application Data\gihopy._sy moved successfully.
C:\Program Files\Common Files\ezujilaq.scr moved successfully.
C:\Documents and Settings\Bob Johnson\Application Data\xezas.ban moved successfully.
C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\pupi.scr moved successfully.
C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\wexowimog.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\lerug.lib moved successfully.
C:\Documents and Settings\Bob Johnson\Application Data\xykatiq.com moved successfully.
C:\Program Files\Common Files\cakyg.vbs moved successfully.
C:\Documents and Settings\Bob Johnson\Local Settings\Application Data\avyvumose.exe moved successfully.

OTL by OldTimer - Version 3.1.11.3 log created on 12012009_060934

#6 BobJ99 (Topic Starter, Members, 9 posts)

Posted 01 December 2009 - 02:16 PM

Ok, the gmer file is too large to post. I would have to chop it up into several different posts. Please let me know what you would like me to do. Thanks again.

#7 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 02 December 2009 - 03:28 PM

Hi,
can you please try to zip it and attach it?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 BobJ99 (Topic Starter, Members, 9 posts)

Posted 02 December 2009 - 06:17 PM

OK here is the zipped file.

Attached Files

  • Attached File  gmer.zip   37.86KB   2 downloads


#9 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 02 December 2009 - 07:10 PM

Hi,

the HelpAssistant account is a legit part of the Windows operating system. It is used for remote assistance and remote desktop. If you are using these features, then it is normal that the account is activated. However, some malware uses that account for its own purpose.

Please run mbr.exe to check for the malware:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >>"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti

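The HelpAssistant point in the post above is one a practitioner would rather verify directly than infer from a log. The script below is an added example, not code from this thread or from any of the tools it mentions: it lists the local accounts on the machine, shows whether each is enabled, and reads the registry switches for Remote Assistance and Remote Desktop, so an enabled HelpAssistant can be judged against whether those features are actually in use. The list of built-in account names for Windows XP Home and the treatment of the two registry values as the governing switches are assumptions. It must be run as an administrator on the affected machine, and PowerShell is not installed by default on Windows XP.

```powershell
# Added example, not part of the original thread. Enumerates local accounts,
# reports whether each is enabled, and reads the Remote Assistance / Remote
# Desktop switches so an enabled HelpAssistant can be put in context.
# Run as an administrator on the machine being checked.

# Assumption: built-in accounts present on a stock Windows XP Home install.
$builtIn = @('Administrator', 'Guest', 'HelpAssistant', 'SUPPORT_388945a0')

# ADS_UF_ACCOUNTDISABLE bit of the WinNT provider's UserFlags bitmask
$ADS_UF_ACCOUNTDISABLE = 0x2

$computer = [ADSI]("WinNT://" + $env:COMPUTERNAME)
$accounts = $computer.Children | Where-Object { $_.SchemaClassName -eq 'user' }

"Local accounts on $env:COMPUTERNAME"
foreach ($acct in $accounts) {
    $flags = [int]$acct.UserFlags.Value
    if (($flags -band $ADS_UF_ACCOUNTDISABLE) -ne 0) { $state = 'disabled' } else { $state = 'ENABLED' }
    if ($builtIn -contains $acct.Name) { $kind = 'built-in' } else { $kind = 'not in the built-in list' }
    '{0,-20} {1,-9} {2}' -f $acct.Name, $state, $kind
}

# Both switches live under the Terminal Server key. fAllowToGetHelp = 1 allows
# Remote Assistance invitations (treated as allowed when the value is absent);
# fDenyTSConnections = 1 blocks Remote Desktop connections.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$raAllowed = ($ts.fAllowToGetHelp -eq $null) -or ($ts.fAllowToGetHelp -eq 1)
$rdAllowed = ($ts.fDenyTSConnections -eq 0)
if ($raAllowed) { $ra = 'allowed' } else { $ra = 'off' }
if ($rdAllowed) { $rd = 'allowed' } else { $rd = 'denied' }
"Remote Assistance invitations: $ra"
"Remote Desktop connections:    $rd"

# HelpAssistant is disabled by default and is only enabled by Windows while a
# Remote Assistance invitation is outstanding. Enabled with Remote Assistance
# switched off is the combination worth a closer look.
$ha = $accounts | Where-Object { $_.Name -eq 'HelpAssistant' }
if ($ha) {
    $haEnabled = (([int]$ha.UserFlags.Value) -band $ADS_UF_ACCOUNTDISABLE) -eq 0
    if ($haEnabled -and -not $raAllowed) {
        'WARNING: HelpAssistant is enabled but Remote Assistance is switched off.'
    } elseif ($haEnabled) {
        'NOTE: HelpAssistant is enabled; confirm a Remote Assistance invitation is actually open.'
    }
}
```

Accounts flagged as "not in the built-in list" are either ones the owner created or ones that need explaining; the script only reports, it changes nothing, so it is safe to run before any cleanup step.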


#10 BobJ99 (Topic Starter, Members, 9 posts)

Posted 02 December 2009 - 09:03 PM

Here is the report. And no, I am not running any remote assistance programs, and I have noticed that new accounts are appearing in my users. I now have Administrator and All Users showing when I do an explore, and I have never had them before.
Thanks again.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88DFFF30]<<
kernel: MBR read successfully
user & kernel MBR OK

#11 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 02 December 2009 - 09:17 PM

Hi,

please run Combofix as a next step:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#12 BobJ99

BobJ99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 02 December 2009 - 11:13 PM

OK here is the combo fix log. Thanks again.

Attached Files



#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 03 December 2009 - 12:01 PM

Hi,

please run the following command:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -f >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
Reboot and let me know if the HelpAssistant is still active.

regards myrti



#14 BobJ99

BobJ99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 03 December 2009 - 04:57 PM

Now I have helpassistant and helpassistant.anonymous 0 through 001 now listed. They are not showing on log in, just when I right click on the start menu and click Explore, and helpassistant.anonymous.001 has a copy of all files from my log in it. Also the computer locks up when I try to shut it down. It will restart though. Here is a copy of the file.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Edited by BobJ99, 03 December 2009 - 09:23 PM.
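Added example, not part of the thread and not code from GMER's mbr.exe: a small Python parser that turns the two mbr.exe logs above into a structured verdict. The point of interest in post #10's log is the `called modules:` line, where the disk I/O call chain ends in `>>UNKNOWN [0x88DFFF30]<<`, code that mbr.exe could not attribute to any loaded driver even though the MBR itself compares clean in user and kernel mode; post #14's log, taken after `mbr.exe -f`, no longer shows it. The two sample logs are copied from the posts and embedded so the script runs offline; the line patterns it understands are only those that appear in them, and anything else is kept aside for manual review rather than interpreted.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: the two mbr.exe logs pasted in this thread (post #10 before
# "mbr.exe -f", post #14 after it), embedded so the script runs offline.
LOG_BEFORE = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88DFFF30]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

LOG_AFTER = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# mbr.exe marks a call-chain entry it cannot map to a loaded driver as
# >>UNKNOWN [address]<<; that address is the indicator worth extracting.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


@dataclass
class MbrReport:
    device_opened: bool = False
    user_mbr_read: bool = False
    kernel_mbr_read: bool = False
    mbr_match: bool = False                                  # "user & kernel MBR OK" seen
    call_chain: list[str] = field(default_factory=list)      # named modules in the disk I/O path
    unknown_hooks: list[str] = field(default_factory=list)   # addresses of unattributed code
    other: list[str] = field(default_factory=list)           # lines this parser does not know

    @property
    def verdict(self) -> str:
        if not (self.device_opened and self.user_mbr_read and self.kernel_mbr_read):
            return "unreadable: mbr.exe could not read the MBR from both user and kernel mode"
        if not self.mbr_match:
            return "infected: the user-mode and kernel-mode views of the MBR differ"
        if self.unknown_hooks:
            return ("suspicious: MBR intact, but the disk I/O call chain contains "
                    "unattributed code at " + ", ".join(self.unknown_hooks))
        return "clean"


def parse_mbr_log(text: str) -> MbrReport:
    """Parse one mbr.exe run into an MbrReport (only the line forms seen in this thread)."""
    report = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Stealth MBR rootkit"):
            continue                      # blank line or tool banner
        if line == "device: opened successfully":
            report.device_opened = True
        elif line == "user: MBR read successfully":
            report.user_mbr_read = True
        elif line == "kernel: MBR read successfully":
            report.kernel_mbr_read = True
        elif line == "user & kernel MBR OK":
            report.mbr_match = True
        elif line.startswith("called modules:"):
            chain = line.split(":", 1)[1]
            report.unknown_hooks = UNKNOWN_RE.findall(chain)      # e.g. ["0x88DFFF30"]
            report.call_chain = UNKNOWN_RE.sub("", chain).split()  # named drivers only
        else:
            report.other.append(line)     # keep unrecognised lines for manual review
    return report


def hook_cleared(before: str, after: str) -> bool:
    """True when the earlier log showed unattributed code in the chain and the later one does not."""
    return bool(parse_mbr_log(before).unknown_hooks) and not parse_mbr_log(after).unknown_hooks


if __name__ == "__main__":
    for label, log in (("before -f", LOG_BEFORE), ("after -f", LOG_AFTER)):
        r = parse_mbr_log(log)
        print(f"{label}: chain={r.call_chain} unknown={r.unknown_hooks} -> {r.verdict}")
    print("hook cleared:", hook_cleared(LOG_BEFORE, LOG_AFTER))
```

An UNKNOWN entry in the chain means code outside any loaded driver image is sitting in the disk request path; that is what a bootkit's in-memory hook looks like, but it is also what some unlisted filter drivers look like, so the address is something to identify, not by itself proof of infection. The clean second log only tells you the hook is gone from the chain at that moment; it does not say what placed it there.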


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:00 AM

Posted 05 December 2009 - 04:53 AM

Hi,

please just check if you can get rid of this problem by following the instructions to close an open request topic:
1. Click Start, and then click Help and Support.
2. Click the Remote Assistance link.
3. Click the View invitation status link.
4. Select the desired open ticket to expire.
5. Click the Expire button.

If that doesn't work please let me know.

regards myrti

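Added example, not from the thread: a Python check for the state myrti asks about in #13 and #15 (whether HelpAssistant is still an active account and whether Remote Assistance invitations are allowed), plus a look for the HelpAssistant.* profile folders BobJ99 describes in #14. On Windows it runs `net user HelpAssistant` and `reg query` against the Terminal Server key whose `fAllowToGetHelp` value backs the "Allow Remote Assistance invitations" checkbox; on any other platform it falls back to the constructed sample output embedded below. The sample strings and the folder listing are made up for the example (the `Yes`, the `0x1` and the folder names are not BobJ99's real values); the output layout and the registry value name are standard Windows.

```python
import os
import re
import subprocess
import sys

# Constructed sample of "net user HelpAssistant" output (Windows XP layout,
# values invented for the example).
SAMPLE_NET_USER = """\
User name                    HelpAssistant
Full Name                    Remote Desktop Help Assistant Account
Comment                      Account for Providing Remote Assistance
Account active               Yes
Account expires              Never
The command completed successfully.
"""

# Constructed sample of
#   reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp
SAMPLE_REG_QUERY = """\

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server
    fAllowToGetHelp    REG_DWORD    0x1
"""

# Constructed listing of C:\Documents and Settings, modelled on post #14.
SAMPLE_PROFILES = [
    "Administrator", "All Users", "Bob Johnson", "Default User",
    "HelpAssistant", "HelpAssistant.anonymous", "HelpAssistant.anonymous.001",
    "LocalService", "NetworkService",
]

ACTIVE_RE = re.compile(r"^Account active\s+(Yes|No)\s*$", re.MULTILINE)
RA_RE = re.compile(r"fAllowToGetHelp\s+REG_DWORD\s+0x([0-9a-fA-F]+)")


def account_active(net_user_output: str):
    """True/False from the 'Account active' line; None if the line is missing (e.g. no such account)."""
    m = ACTIVE_RE.search(net_user_output)
    return None if m is None else m.group(1) == "Yes"


def remote_assistance_allowed(reg_output: str):
    """True when fAllowToGetHelp is non-zero; None if the value is absent."""
    m = RA_RE.search(reg_output)
    return None if m is None else int(m.group(1), 16) != 0


def helpassistant_profiles(names):
    """Profile folder names that belong to HelpAssistant, including the .anonymous.NNN variants."""
    return sorted(n for n in names if n.lower().startswith("helpassistant"))


def assess(active, ra_allowed, profiles):
    """Collect the findings a helper would ask about; an empty list means nothing unusual."""
    findings = []
    if active:
        findings.append("HelpAssistant account is enabled")
    if ra_allowed:
        findings.append("Remote Assistance invitations are allowed (fAllowToGetHelp != 0)")
    if profiles:
        findings.append("HelpAssistant profile folders present: " + ", ".join(profiles))
    return findings


def collect_live():
    """On Windows run the real commands; elsewhere return the constructed samples."""
    if sys.platform != "win32":
        return SAMPLE_NET_USER, SAMPLE_REG_QUERY, SAMPLE_PROFILES
    net = subprocess.run(["net", "user", "HelpAssistant"],
                         capture_output=True, text=True).stdout
    reg = subprocess.run(["reg", "query",
                          r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server",
                          "/v", "fAllowToGetHelp"],
                         capture_output=True, text=True).stdout
    profiles_dir = os.path.join(os.environ.get("SystemDrive", "C:"), "\\Documents and Settings")
    names = os.listdir(profiles_dir) if os.path.isdir(profiles_dir) else []
    return net, reg, names


if __name__ == "__main__":
    net, reg, names = collect_live()
    findings = assess(account_active(net), remote_assistance_allowed(reg),
                      helpassistant_profiles(names))
    for f in findings or ["nothing unusual found"]:
        print("-", f)
```

HelpAssistant is disabled by default and is enabled while a Remote Assistance invitation is open, so "Account active Yes" with no invitation the user remembers sending is the condition to report back; the profile folders are evidence of past logons under that account, not of the current state, which is why the check reports them separately.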




