Browser redirects in both IE and Firefox - random pops also


This topic is locked
35 replies to this topic

#1 Jenniferrd

Jenniferrd

  • Members
  • 25 posts

Posted 11 April 2010 - 12:39 AM

A few days ago, I started to get browser redirects in both IE and Firefox - it seems random in Firefox; in IE, it's about every second or third link that redirects in a Google search. I'm also getting random popups from both IE and Firefox. I have run Malwarebytes, Ad-Aware, Trend Micro's HouseCall, Spybot, SUPERAntiSpyware. I had upgraded Ad-Aware to their paid service, and it found trojans, but did not take care of the popup and redirect problems. Now, nothing is being found by any of the anti-malware, but I'm still having the same issues. I'm having issues getting into Ad-Aware to give details on the trojans. Additionally, I downloaded CA Anti-Virus Plus Anti-Spyware 2010, but the install failed and now I can't get it off my computer.

I am hoping I'm doing this right; here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:38 AM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Upromise\dca-ua.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\fbhffadg.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\fbhffadg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.65.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000028.000000D8
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O21 - SSODL: hawewemez - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLinkSafeConnectAgent - Sana Security - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b0a8b412f88a) (gupdate1c9b0a8b412f88a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtectionService - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12035 bytes

Two quick updates: I was able to remove CA Anti-Virus Plus Anti-Spyware 2010 from the computer by redownloading and then uninstalling the whole thing.

I also was able to get into Ad-Aware:

Trojan.FakeAlert
Trojan.Win32.Generic!BT
Trojan.Win32.Generic!SB.0
Trojan.Win32.Hiloti.gen.d (v)
VirTool.Win32.Obfuscator.hg!a (v)

Hope this can help.

Merged posts. ~ OB

Edited by Orange Blossom, 11 April 2010 - 02:01 PM.
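A small triage script, added here as an example and not part of the original thread or of HijackThis itself, that reads HijackThis-format lines like those in the log above and lists the entries a reviewer would look at first: entries whose registered file is missing ("(no file)", "(file missing)"), O21/O22 ShellServiceObjectDelayLoad and SharedTaskScheduler entries, O4 Run entries with an unqualified path, and CLSIDs registered in more than one place. The sample input is six lines copied from the posted log; the heuristics, function names and severity wording are my own assumptions, not HijackThis's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six HijackThis lines copied from the log posted above,
# chosen to cover a healthy BHO, orphaned entries and an unqualified O4 path.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O21 - SSODL: hawewemez - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - (no file)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing)
"""

# "O21 - SSODL: ..." -> section "O21", body "SSODL: ..."
LINE_RE = re.compile(r"^([RNFO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 body is "HKLM\..\Run: [Name] command"; we want the command part
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A command that starts with an (optionally quoted) drive letter is fully qualified
QUALIFIED_RE = re.compile(r'^"?[A-Za-z]:\\')

# Logon-time autostart points that ordinary applications rarely register under
DELAYLOAD_SECTIONS = {"O21", "O22"}


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse(log_text: str) -> List[Entry]:
    """Keep only the section lines; headers, process list and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        c = CLSID_RE.search(body)
        entries.append(Entry(section, body, c.group(0).lower() if c else None))
    return entries


def analyze(log_text: str) -> List[Entry]:
    """Return the entries that carry at least one review reason."""
    entries = parse(log_text)
    by_clsid = defaultdict(list)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].append(e)
    for e in entries:
        low = e.body.lower()
        if "(no file)" in low or "(file missing)" in low:
            e.reasons.append("orphaned: registered file is not on disk")
        if e.section in DELAYLOAD_SECTIONS:
            e.reasons.append("loads at logon via SSODL/SharedTaskScheduler")
        if e.section == "O4":
            m = O4_RE.search(e.body)
            if m and not QUALIFIED_RE.match(m.group("cmd")):
                e.reasons.append("unqualified path: resolved by search order, verify the binary")
        if e.clsid and len(by_clsid[e.clsid]) > 1:
            others = sorted({x.section for x in by_clsid[e.clsid]} - {e.section})
            e.reasons.append("same CLSID also registered in " + ", ".join(others))
    return [e for e in entries if e.reasons]


def main() -> None:
    for e in analyze(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for r in e.reasons:
            print("    -", r)


if __name__ == "__main__":
    main()
```

Run against the sample, the O2 Google Toolbar line is not reported, while the O21/O22 pair is reported with three reasons each, including that both share one CLSID.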


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 April 2010 - 11:28 AM

Hello and welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues, I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.exe
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts

Posted 13 April 2010 - 04:08 PM

I appreciate any help you can give, thanks so much. Here are the two logs you requested.

OTL.txt
OTL logfile created on: 4/13/2010 4:55:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.95 Gb Free Space | 30.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EGGANDONION
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/06 14:42:25 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/05 12:16:01 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/07/01 13:19:32 | 000,081,920 | ---- | M] (Compete Inc) -- C:\Program Files\Upromise\dca-ua.exe
PRC - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2008/09/25 09:51:54 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/05/29 12:49:50 | 001,085,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/10/01 10:01:12 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 13:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/06/05 14:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2006/01/06 09:57:20 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2004/09/11 08:15:36 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/05/17 19:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2003/06/12 09:47:06 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2001/07/02 21:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ProtectionService)
SRV - File not found [Auto | Stopped] -- -- (Apache)
SRV - File not found [Disabled | Stopped] -- -- (ADSService)
SRV - [2010/04/06 14:42:25 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/08/30 23:11:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/16 16:33:14 | 004,664,344 | ---- | M] (Sana Security) [On_Demand | Stopped] -- C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe -- (EarthLinkSafeConnectAgent)
SRV - [2006/06/05 14:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/05 12:16:54 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/21 07:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/12 11:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/11/20 08:44:42 | 000,035,352 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSMonitor.sys -- (ADSMonitor) ADSMonitor - (EarthLink Monitor Driver)
DRV - [2006/11/20 08:44:36 | 000,056,728 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSFilter.sys -- (ADSFilter) ADSFilter - (Aluria Filter Driver)
DRV - [2006/11/10 14:11:50 | 000,042,040 | ---- | M] (Authentium Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GRTdiMon.sys -- (GRTdiMon)
DRV - [2006/11/10 14:11:48 | 000,022,584 | ---- | M] (Global RISC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GRFilter.sys -- (GRFILTER)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/06/05 14:30:04 | 000,829,008 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\css-dvp.sys -- (CSS DVP)
DRV - [2005/12/19 21:39:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/30 22:42:35 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/07/06 20:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/03/22 15:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 15:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/02/05 02:49:56 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/11/13 22:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 22:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 22:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/10 05:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 05:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 04:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 04:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 23:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 23:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 23:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 23:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 22:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/03 15:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/02/25 08:55:18 | 000,015,400 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.60
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}:0.6.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {FA64083A-FCFA-418B-AB1F-6EF64E32C0D4}:1.9.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FA64083A-FCFA-418B-AB1F-6EF64E32C0D4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{FA64083A-FCFA-418B-AB1F-6EF64E32C0D4} [2010/01/23 20:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.2\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/02/17 12:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.2\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 09:39:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 08:09:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/02/24 11:44:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.12\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2010/02/24 11:47:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.12\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]

[2008/10/11 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2004/09/19 08:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions
[2004/09/19 08:34:33 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/17 14:14:34 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/13 10:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions
[2009/06/19 19:47:06 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2008/10/11 13:38:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/11/17 14:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/10/11 13:38:13 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/16 20:47:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/11/17 14:47:33 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\searchplugins\aim-search.xml
[2010/04/10 21:22:30 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\searchplugins\mw-dictionary.xml
[2010/04/13 10:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/07 13:59:00 | 000,044,151 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll
[2007/05/19 17:36:58 | 000,147,456 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/11 02:03:50 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Merriam-Webster Online BHO) - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.65.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Merriam-Webster Online) - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\Toolbar\WebBrowser: (Merriam-Webster Online) - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [CTHelper] File not found
O4 - HKLM..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe File not found
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete Inc)
O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MWOL &Dictionary - C:\WINDOWS\_MWOLTB.DLL ()
O8 - Extra context menu item: MWOL &Thesaurus - C:\WINDOWS\_MWOLTB.DLL ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: hawewemez - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - CLSID or File not found.
O22 - SharedTaskScheduler: {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - tokatiluy - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/04 21:56:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/02/04 13:47:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 16:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/13 07:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/13 07:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/13 07:53:45 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe
[2010/04/11 01:44:33 | 037,968,392 | ---- | C] (CA, Inc. ) -- C:\Documents and Settings\Owner\Desktop\na_aspy_ca_32_en_NADefaulteCommTrial2009_trial.exe
[2010/04/11 00:50:12 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/04/10 21:25:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 20:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/10 20:43:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/10 20:28:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/10 20:27:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/10 20:27:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/10 20:27:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/10 20:16:54 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9467.exe
[2010/04/08 10:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/08 10:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/08 10:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/07 21:01:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22050.exe
[2010/04/07 20:49:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20966.exe
[2010/04/07 13:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/07 13:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/04/07 13:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/06 23:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/06 10:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\avG
[2010/04/06 10:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/06 10:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/06 10:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 07:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/05 12:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/04/05 07:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/18 07:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/03 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/19 07:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/30 07:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/11/19 17:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/12 10:36:46 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/12/02 10:31:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/15 13:24:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2007/04/13 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/03/30 06:20:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/11/08 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Talkback
[2004/11/08 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2004/11/08 10:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/07 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/10/02 21:36:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/13 16:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 15:17:06 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/13 15:16:46 | 004,925,591 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/04/13 15:16:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/13 15:16:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 15:06:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/04/13 15:06:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/04/13 15:06:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/04/13 15:06:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/04/13 15:06:24 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily Scan).job
[2010/04/13 15:06:24 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly Scan).job
[2010/04/13 15:05:28 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/13 15:05:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 15:05:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 15:05:05 | 1071,489,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 13:36:22 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 13:36:22 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 13:36:22 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 13:36:22 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 13:36:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/13 13:36:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/13 13:36:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000006-00000000-00000001-00001102-00000004-20021102}.dat
[2010/04/13 13:36:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000006-00000000-00000001-00001102-00000004-20021102}.dat
[2010/04/13 13:35:57 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/13 13:35:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/13 13:35:36 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/04/13 08:09:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/13 07:54:21 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/13 07:54:13 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe
[2010/04/12 20:04:06 | 001,057,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2009IR25.pdf
[2010/04/12 09:04:40 | 000,000,320 | ---- | M] () -- C:\WINDOWS\AceHTML.ini
[2010/04/11 01:45:19 | 037,968,392 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\Owner\Desktop\na_aspy_ca_32_en_NADefaulteCommTrial2009_trial.exe
[2010/04/11 01:18:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/04/11 00:50:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/11 00:50:13 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/04/10 21:21:10 | 000,004,182 | ---- | M] () -- C:\WINDOWS\System32\entitlement.xml
[2010/04/10 21:01:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/10 20:28:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/10 20:17:13 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/10 20:16:24 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9467.exe
[2010/04/10 20:11:22 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2010/04/10 08:25:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/07 20:52:24 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22050.exe
[2010/04/07 20:46:52 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20966.exe
[2010/04/07 16:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/06 10:35:45 | 000,012,580 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 12:16:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/05 12:16:52 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/01 23:58:14 | 002,106,558 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 05:08:27 | 010,933,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Reflexology.doc
[2010/03/24 08:26:29 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 08:09:33 | 000,000,656 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/13 07:54:35 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/13 07:54:21 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/12 20:04:06 | 001,057,515 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2009IR25.pdf
[2010/04/11 23:48:00 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/04/11 01:18:08 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/04/11 00:50:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/10 21:21:10 | 000,004,182 | ---- | C] () -- C:\WINDOWS\System32\entitlement.xml
[2010/04/10 20:28:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/10 20:28:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/10 20:27:07 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/10 20:27:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/10 20:27:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/10 20:27:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/10 08:25:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/09 20:08:27 | 1071,489,024 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/06 10:33:34 | 000,012,580 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3Yfi
[2010/04/06 10:33:34 | 000,012,580 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/03/25 04:49:33 | 010,933,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Reflexology.doc
[2010/03/13 18:27:40 | 000,000,753 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/12 20:43:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2009/12/22 16:27:42 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Owner\.ufrawrc
[2009/12/06 10:20:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/14 14:11:11 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/14 14:11:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/14 14:10:54 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:10:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/22 20:34:32 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/03/24 10:28:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/24 10:28:14 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/24 10:27:51 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/24 10:27:51 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/24 10:26:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/24 10:26:20 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/03/24 10:24:15 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/01/28 17:22:38 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/10/21 14:37:08 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\usb.dat.bin
[2008/10/19 09:37:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\AdobeWeb.log
[2007/12/29 07:58:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/07/22 10:59:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/07/22 10:58:42 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/07/22 10:58:42 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/07/15 13:24:38 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2007/07/15 13:24:38 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2007/07/15 13:24:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2007/07/15 13:24:38 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/10/16 06:36:51 | 000,002,242 | ---- | C] () -- C:\Documents and Settings\Owner\newsletter_form.txt
[2006/08/16 20:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/08 17:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/30 15:25:25 | 000,000,392 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2006/04/30 15:24:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2006/04/30 15:24:27 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2006/04/30 15:24:27 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2006/03/15 22:15:23 | 000,002,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/14 21:30:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/12/14 19:49:54 | 000,006,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/30 23:01:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/09/20 14:05:07 | 000,000,305 | ---- | C] () -- C:\WINDOWS\sampler.INI
[2005/09/20 14:05:07 | 000,000,304 | ---- | C] () -- C:\WINDOWS\beatbox.INI
[2005/08/06 10:32:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MouseTrapLib.dll
[2005/05/29 16:52:47 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Owner\reglog.txt
[2005/04/08 20:54:01 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/08 07:50:57 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/12/08 07:50:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/12/05 09:38:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\inventory.INI
[2004/10/15 14:01:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/10/15 14:00:19 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/13 20:06:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2004/10/10 11:52:25 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2004/10/10 11:52:25 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2004/10/09 15:11:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2004/10/02 21:36:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/10/02 21:36:26 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/10/02 21:36:26 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/10/02 21:36:13 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/10/02 21:36:13 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/10/02 21:34:10 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/02 08:39:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/24 19:49:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/19 09:28:59 | 000,025,108 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/09/14 20:41:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/13 06:31:38 | 000,001,749 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/11 15:50:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/09/11 13:12:56 | 000,000,320 | ---- | C] () -- C:\WINDOWS\AceHTML.ini
[2004/09/10 07:06:11 | 000,000,272 | ---- | C] () -- C:\WINDOWS\muma2004.INI
[2004/09/10 06:51:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/09/10 06:48:31 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/09/10 06:48:31 | 000,000,135 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/09/09 20:46:49 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/09/09 20:46:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/09/09 19:55:46 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/09 18:50:42 | 000,385,024 | ---- | C] () -- C:\WINDOWS\_MWOLTB.DLL
[2004/07/14 20:09:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/14 20:09:12 | 000,000,529 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 22:34:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 19:28:17 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/02/04 22:12:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/04 21:59:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2004/02/04 21:59:58 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %appdata%\*.exe >
[2007/07/15 13:24:39 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/09 18:30:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/20 07:49:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/09/09 18:30:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/20 07:49:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 05:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 03:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 03:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extra.txt
OTL Extras logfile created on: 4/13/2010 4:55:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.95 Gb Free Space | 30.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EGGANDONION
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"13048:TCP" = 13048:TCP:*:Enabled:BitComet 13048 TCP
"13048:UDP" = 13048:UDP:*:Enabled:BitComet 13048 UDP
"9023:TCP" = 9023:TCP:*:Enabled:BitComet 9023 TCP
"9023:UDP" = 9023:UDP:*:Enabled:BitComet 9023 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Visicom Media\AceFTP2\aceftp.exe" = C:\Program Files\Visicom Media\AceFTP2\aceftp.exe:*:Enabled:AceFTP v2 -- (Visicom Media Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Creative\SBAudigy2ZS\Creative ASR2\CTASR.exe" = C:\Program Files\Creative\SBAudigy2ZS\Creative ASR2\CTASR.exe:*:Enabled:Creative ASR -- (Creative Technology Ltd)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\In-Fisherman\In-fisherman.exe" = C:\Program Files\In-Fisherman\In-fisherman.exe:*:Enabled:In-fisherman -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Documents and Settings\Owner\Local Settings\temp\WZS10F.tmp\rctrec1.exe" = C:\Documents and Settings\Owner\Local Settings\temp\WZS10F.tmp\rctrec1.exe:*:Enabled:rctrec1 -- File not found
"C:\Documents and Settings\Owner\Local Settings\temp\WZS110.tmp\rctrec1.exe" = C:\Documents and Settings\Owner\Local Settings\temp\WZS110.tmp\rctrec1.exe:*:Enabled:rctrec1 -- File not found
"C:\Documents and Settings\Owner\Local Settings\temp\WZS111.tmp\rctrec1.exe" = C:\Documents and Settings\Owner\Local Settings\temp\WZS111.tmp\rctrec1.exe:*:Enabled:rctrec1 -- File not found
"C:\Documents and Settings\Owner\Local Settings\temp\WZS114.tmp\rctrec1.exe" = C:\Documents and Settings\Owner\Local Settings\temp\WZS114.tmp\rctrec1.exe:*:Enabled:rctrec1 -- File not found
"C:\Program Files\bfgclient\bfgclient.exe" = C:\Program Files\bfgclient\bfgclient.exe:*:Enabled:bfgclient.exe -- ()
"C:\Program Files\bfgclient\bfgprocess.exe" = C:\Program Files\bfgclient\bfgprocess.exe:*:Enabled:bfgprocess.exe -- ()
"C:\Program Files\bfgclient\bfggameservices.exe" = C:\Program Files\bfgclient\bfggameservices.exe:*:Enabled:bfggameservices.exe -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{169F8893-C1C5-4847-972C-EA1E008112AC}" =
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1888DAFD-C634-4BC4-865C-3455E24F6177}" =
"{18D10072035C4515918F7E37EAFAACFC}" =
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236FADD8-58FD-11D6-A285-00A0CC51B2FE}" =
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{435E969D-867E-4364-8E74-3DC8A69C5BDB}" =
"{436DF5BA-80A6-47FB-9EB8-9CACA48449BD}" = Protection Control Center
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{50915408-4940-4C36-B4CC-0D9944FA4C59}" =
"{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}" =
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{54CECE41-3E6C-4841-BE8D-47D7108DA1DC}" = Protection Control Center
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5933921D-4253-40B6-B4D9-B7D680F1B6EC}" =
"{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}" =
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}" = Sonic Foundry Sound Forge 6.0
"{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}" = In-Fisherman Freshwater Trophies
"{67AEFC4C-69E4-11D7-85F4-00E018013273}" =
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7201B853-5833-11D6-A285-00A0CC51B2FE}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}" =
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7A900EAB-DA37-4554-AF19-9C337476D05D}" =
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{869D88A5-BD6C-4E39-8536-D95259EAD7E8}" =
"{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}" =
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}" =
"{89C43B94-02D9-47CB-A338-8CEC0E70F638}" =
"{8ADFC4160D694100B5B8A22DE9DCABD9}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}" =
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9154ED7C-926E-49CC-B677-0CF3C5267457}" =
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}" =
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1185190-514F-11D6-A285-00A0CC51B2FE}" =
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC157741-3285-4D6A-B934-9174587A3493}" =
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" =
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield
"{B13A7C41581B411290FBC0395694E2A9}" =
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3549608-69D3-11D7-AB2D-0090271A23A2}" =
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}" =
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D}" = Merriam-Webster Online Toolbar
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C683356A-3C1A-49D7-BC37-3DBA6683C879}" = Authentium FW SDK
"{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}" =
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8E7C6B3-3EAA-47DF-BC4A-4F355075527E}" = Protection Control Center
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}" =
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{EE6699B3-E5AD-4E59-8F2B-207DF630670C}" =
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}" =
"{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}" = Adobe GoLive 5.0
"{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}" =
"{FD851F7E-F887-405D-9E1C-488811113EF3}" =
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"225af9a1-b556-11d5-94aa-0010b5426419" = MyDSC_CIF
"AC3Filter" = AC3Filter (remove only)
"AceHTML 6 Pro" = AceHTML 6 Pro
"Ad-Aware" = Ad-Aware
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Diagnostics_N" =
"ATI Display Driver" = ATI Display Driver
"Audio Stream Recorder2" =
"AudioHQ" =
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"Backgammon" = Backgammon
"BFGC" = Big Fish Games Client
"BFG-Westward II - Heroes of the Frontier" = Westward II: Heroes of the Frontier
"Chicken Chase" = Chicken Chase (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Connection Manager" =
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Creative MediaSource" =
"Creative MediaSource AudioSync Plugin" =
"Creative MediaSource CD-ROM Burner Plugin" =
"Creative MediaSource Detector" =
"Creative MediaSource DVD-Audio Player" =
"Creative MediaSource Go!" =
"Creative MediaSource NOMAD II/MG Plugin" =
"Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin" =
"Creative MediaSource NOMAD Jukebox Plugin" =
"Creative MediaSource NOMAD MuVo Plugin" =
"Creative MediaSource Player Skin Pack" =
"Creative MediaSource RemoteControl Plugin" =
"Creative MiniDisc Center" =
"Creative Restore Defaults" =
"Creative WaveStudio" =
"Diagnostics_Audigy2" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EarthLink Protection Control Center Update" =
"EarthLink TotalAccess 2004" =
"EAX" =
"EQUALIZER" =
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"Fish Tycoon" = Fish Tycoon (remove only)
"FitDay_is1" = FitDay PC version 1.0
"FLAC" = FLAC Installer 1.1.1a (remove only)
"Fontcore" =
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Halsoft Mega Yahtzee" = Halsoft Mega Yahtzee
"Halsoft Virtual Places Chat" = Halsoft Virtual Places Chat
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"HP Photo & Imaging" = HP Image Zone 4.2
"ICW" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}" = In-Fisherman Freshwater Trophies
"InterActual Player" = InterActual Player
"Law & Order Criminal Intent - The Vengeful Heart" = Law & Order Criminal Intent - The Vengeful Heart (remove only)
"MAGIX music maker 2004 deLuxe" = MAGIX music maker 2004 deLuxe
"MAGIX playR jukebox" = MAGIX playR jukebox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft NetShow Player 2.0" =
"mkwACT" = mkw Audio Compression Toolkit
"MobileOptionPack" =
"Moraff's Maximum MahJongg" = Moraff's Maximum MahJongg
"Mozilla (1.7.2)" = Mozilla (1.7.2)
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MPlayer2" =
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSN Music Assistant" = MSN Music Assistant
"MyPublisher" = MyPublisher
"MySpaceIM" = MySpaceIM
"Nancy Drew - Curse of Blackmoor Manor" = Nancy Drew - Curse of Blackmoor Manor (remove only)
"Nancy Drew - Danger by Design" = Nancy Drew - Danger by Design (remove only)
"Nancy Drew - Last Train to Blue Moon Canyon" = Nancy Drew - Last Train to Blue Moon Canyon (remove only)
"Nancy Drew - Secret Of The Old Clock" = Nancy Drew - Secret Of The Old Clock (remove only)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NetMeeting" =
"Netscape (7.2)" = Netscape (7.2)
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Opera" = Opera
"OutlookExpress" =
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0
"PC Pitstop Exterminate_is1" = PC Pitstop Exterminate 1.0
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PCHealth" =
"PCPitstop Panda AntiVirus Scan" = PCPitstop Panda AntiVirus Scan (remove only)
"Pdf995" = Pdf995
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PopCap Browser Plugin" = PopCap Browser Plugin
"Power MP3 WMA Converter_is1" = Power MP3 WMA Converter 1.15
"RealJukebox 1.0" =
"RealPlayer 6.0" = RealPlayer
"Ricochet Lost Worlds" = Ricochet Lost Worlds (remove only)
"SB Audigy 2 Getting Started Demo" =
"SchedulingAgent" =
"SeaMonkey (1.1.12)" = SeaMonkey (1.1.12)
"SFBM" =
"Shockwave" =
"SiteGrinder2" = Media Lab SiteGrinder 2 (Basic & Pro)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sound Blaster Audigy 2 ZS" =
"Sound Blaster Audigy 2 ZS Windows Drivers" =
"SPEAKER" =
"SPKR_CALIBRATOR" =
"SURMIXER" =
"SysInfo" = Creative System Information
"The Last Express" = The Last Express
"THX_Console" =
"UFRaw_is1" = UFRaw 0.16
"Upromise TurboSaver" = Upromise TurboSaver (remove only)
"VB Runtime" = VB Runtime
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Villagers" = Virtual Villagers (remove only)
"Virtual Villagers - The Lost Children" = Virtual Villagers - The Lost Children (remove only)
"WeatherBug" = WeatherBug
"WebReaper_is1" = WebReaper v10
"Westward" = Westward (remove only)
"WIC" =
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinZip" = WinZip
"X-Stitch Studio" =
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" =
"Yahoo! Toolbar" = Yahoo! Toolbar
"yak163splash" = yak163splash

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-769117909-3878923446-900787009-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2010 9:21:30 PM | Computer Name = EGGANDONION | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\pft8.tmp\sc\hips\hips_cc.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 4/10/2010 9:23:02 PM | Computer Name = EGGANDONION | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Downloaded Installations\{CBD80C9A-86AA-4226-BC78-B6CDA183E11A}\CA
Pest Patrol Realtime Protection.msi is not permitted due to an error in software
restriction policy processing. The object cannot be trusted.

Error - 4/10/2010 9:23:04 PM | Computer Name = EGGANDONION | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\pft24.tmp\sc\catest.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 4/10/2010 9:23:05 PM | Computer Name = EGGANDONION | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\pft24.tmp\sc\catest.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 4/10/2010 9:23:09 PM | Computer Name = EGGANDONION | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Owner\LOCALS~1\Temp\pft24.tmp\sc\hips\hips_cc.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 4/11/2010 1:33:15 AM | Computer Name = EGGANDONION | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/11/2010 1:43:14 AM | Computer Name = EGGANDONION | Source = Application Hang | ID = 1002
Description = Hanging application casc.exe, version 5.0.0.626, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2010 1:43:15 AM | Computer Name = EGGANDONION | Source = Application Hang | ID = 1002
Description = Hanging application casc.exe, version 5.0.0.626, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2010 12:07:48 PM | Computer Name = EGGANDONION | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000b62c6.

Error - 4/13/2010 1:35:54 PM | Computer Name = EGGANDONION | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 4/13/2010 1:35:15 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 4/13/2010 1:35:15 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/13/2010 1:37:26 PM | Computer Name = EGGANDONION | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/13/2010 1:37:26 PM | Computer Name = EGGANDONION | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/13/2010 1:37:26 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7000
Description = The Apache service failed to start due to the following error: %%3

Error - 4/13/2010 1:37:26 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7000
Description = The ProtectionService service failed to start due to the following
error: %%3

Error - 4/13/2010 3:05:21 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7000
Description = The Apache service failed to start due to the following error: %%3

Error - 4/13/2010 3:05:21 PM | Computer Name = EGGANDONION | Source = Service Control Manager | ID = 7000
Description = The ProtectionService service failed to start due to the following
error: %%3

Error - 4/13/2010 3:05:23 PM | Computer Name = EGGANDONION | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/13/2010 3:05:23 PM | Computer Name = EGGANDONION | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:46 AM

Posted 13 April 2010 - 05:02 PM

Hi Jenniferrd,

I don't see an updated Anti Virus Program running on your machine. It is essential that you have an Anti Virus installed
and keep it updated. Without an updated Anti Virus running you are leaving yourself wide open to infection every time you
go on the internet.

These are some suggestions for a good free (non-commercial home use) Anti Virus:

Avast!
Antivir
AVG

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (ProtectionService)
    SRV - File not found [Auto | Stopped] -- -- (Apache)
    SRV - File not found [Disabled | Stopped] -- -- (ADSService)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-769117909-3878923446-900787009-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
    O4 - HKLM..\Run: [CTHelper] File not found
    O4 - HKLM..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe File not found
    O4 - HKU\S-1-5-21-769117909-3878923446-900787009-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O21 - SSODL: hawewemez - {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - CLSID or File not found.
    O22 - SharedTaskScheduler: {658be8a2-3b3c-4e02-91f9-5d46002e9ce9} - tokatiluy - Reg Error: Key error. File not found
    [2004/11/08 10:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2010/04/06 10:35:45 | 000,012,580 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
    @Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"=-
    "C:\Program Files\BitComet\BitComet.exe"=-
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=-
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"=-
    "C:\Program Files\AIM6\aim6.exe"=-
    "C:\Documents and Settings\Owner\Local Settings\temp\WZS10F.tmp\rctrec1.exe"=-
    "C:\Documents and Settings\Owner\Local Settings\temp\WZS110.tmp\rctrec1.exe"=-
    "C:\Documents and Settings\Owner\Local Settings\temp\WZS111.tmp\rctrec1.exe"=-
    "C:\Documents and Settings\Owner\Local Settings\temp\WZS114.tmp\rctrec1.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{169F8893-C1C5-4847-972C-EA1E008112AC}"=-
    "{1888DAFD-C634-4BC4-865C-3455E24F6177}"=-
    "{18D10072035C4515918F7E37EAFAACFC}"=-
    "{236FADD8-58FD-11D6-A285-00A0CC51B2FE}"=-
    "{403EF592-953B-4794-BCEF-ECAB835C2095}"=-
    "{435E969D-867E-4364-8E74-3DC8A69C5BDB}"=-
    "{50915408-4940-4C36-B4CC-0D9944FA4C59}"=-
    "{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}"=-
    "{5933921D-4253-40B6-B4D9-B7D680F1B6EC}"=-
    "{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}"=-
    "{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}"=-
    "{62369F2F77534556AEF4C58152E3BDE5}"=-
    "{67AEFC4C-69E4-11D7-85F4-00E018013273}"=-
    "{7201B853-5833-11D6-A285-00A0CC51B2FE}"=-
    "{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}"=-
    "{7A900EAB-DA37-4554-AF19-9C337476D05D}"=-
    "{7B63B2922B174135AFC0E1377DD81EC2}"=-
    "{869D88A5-BD6C-4E39-8536-D95259EAD7E8}"=-
    "{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}"=-
    "{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}"=-
    "{89C43B94-02D9-47CB-A338-8CEC0E70F638}"=-
    "{8ADFC4160D694100B5B8A22DE9DCABD9}"=-
    "{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}"=-
    "{9154ED7C-926E-49CC-B677-0CF3C5267457}"=-
    "{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}"=-
    "{A1185190-514F-11D6-A285-00A0CC51B2FE}"=-
    "{AC157741-3285-4D6A-B934-9174587A3493}"=-
    "{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}"=-
    "{B13A7C41581B411290FBC0395694E2A9}"=-
    "{B3549608-69D3-11D7-AB2D-0090271A23A2}"=-
    "{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}"=-
    "{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}"=-
    "{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}"=-
    "{EE6699B3-E5AD-4E59-8F2B-207DF630670C}"=-
    "{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}"=-
    "{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}"=-
    "{FD851F7E-F887-405D-9E1C-488811113EF3}"=-
    "AddressBook"=-
    "AOL Diagnostics_N"=-
    "Audio Stream Recorder2"=-
    "AudioHQ"=-
    "Connection Manager"=-
    "Creative MediaSource"=-
    "Creative MediaSource AudioSync Plugin"=-
    "Creative MediaSource CD-ROM Burner Plugin"=-
    "Creative MediaSource Detector"=-
    "Creative MediaSource DVD-Audio Player"=-
    "Creative MediaSource Go!"=-
    "Creative MediaSource NOMAD II/MG Plugin"=-
    "Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin"=-
    "Creative MediaSource NOMAD Jukebox Plugin"=-
    "Creative MediaSource NOMAD MuVo Plugin"=-
    "Creative MediaSource Player Skin Pack"=-
    "Creative MediaSource RemoteControl Plugin"=-
    "Creative MiniDisc Center"=-
    "Creative Restore Defaults"=-
    "Creative WaveStudio"=-
    "Diagnostics_Audigy2"=-
    "DirectAnimation"=-
    "DirectDrawEx"=-
    "DXM_Runtime"=-
    "EarthLink Protection Control Center Update"=-
    "EarthLink TotalAccess 2004"=-
    "EAX"=-
    "EQUALIZER"=-
    "Fontcore"=-
    "ICW"=-
    "IE40"=-
    "IE4Data"=-
    "IE5BAKEX"=-
    "IEData"=-
    "InstallShield Uninstall Information"=-
    "Microsoft NetShow Player 2.0"=-
    "MobileOptionPack"=-
    "MPlayer2"=-
    "MSI30a-KB884016"=-
    "MSI30-Beta1"=-
    "MSI30-Beta2"=-
    "MSI30-KB884016"=-
    "MSI30-RC1"=-
    "MSI30-RC2"=-
    "MSI31-Beta"=-
    "MSI31-RC1"=-
    "NetMeeting"=-
    "OutlookExpress"=-
    "PCHealth"=-
    "RealJukebox 1.0"=-
    "SB Audigy 2 Getting Started Demo"=-
    "SchedulingAgent"=-
    "SFBM"=-
    "Shockwave"=-
    "Sound Blaster Audigy 2 ZS"=-
    "Sound Blaster Audigy 2 ZS Windows Drivers"=-
    "SPEAKER"=-
    "SPKR_CALIBRATOR"=-
    "SURMIXER"=-
    "THX_Console"=-
    "WIC"=-
    "X-Stitch Studio"=-
    "Yahoo! Messenger"=-
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Gmer log

Thanks



#5 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:46 AM

Posted 13 April 2010 - 07:27 PM

Help! I downloaded and installed Avast, as you suggested, ran both OTL logs, and as I was running Gmer, it locked up my system entirely, and I had to reboot - upon reboot, the computer became infected with XP Defender - what do I do now, I can hardly do anything with the system?

#6 Jenniferrd

Jenniferrd
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:46 AM

Posted 14 April 2010 - 05:24 AM

Hi, I was able to get rid of the Trojans using Hitman - however, I'm still having the same issues with the browser hijacks and popups. I was not able to complete the Gmer log, as it kept locking up my system, and after running the program all night, there were still no results in the morning. Here are the other two logs you requested. Another question I have: I am currently running Lavasoft's Ad-Aware Pro on my system, and I was under the impression that it is an anti-virus program as well as an anti-malware and anti-rootkit program, that is what it is advertised as and says right on the software - since you had me download Avast, won't this conflict with it?

OTL FIX log:
All processes killed
========== OTL ==========
Service ProtectionService stopped successfully!
Service ProtectionService deleted successfully!
Service Apache stopped successfully!
Service Apache deleted successfully!
Service ADSService stopped successfully!
Service ADSService deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-769117909-3878923446-900787009-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-769117909-3878923446-900787009-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Earthlink Protection Control Center deleted successfully.
Registry value HKEY_USERS\S-1-5-21-769117909-3878923446-900787009-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hawewemez deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{658be8a2-3b3c-4e02-91f9-5d46002e9ce9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{658be8a2-3b3c-4e02-91f9-5d46002e9ce9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{658be8a2-3b3c-4e02-91f9-5d46002e9ce9}\ not found.
C:\Documents and Settings\NetworkService\Application Data\Symantec\Shared folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Symantec folder moved successfully.
C:\ANTIGEN.tmp deleted successfully.
C:\eb.tmp deleted successfully.
C:\SM.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\pciide.sys.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\3Yfi moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\temp\WZS10F.tmp\rctrec1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\temp\WZS110.tmp\rctrec1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\temp\WZS111.tmp\rctrec1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\temp\WZS114.tmp\rctrec1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{169F8893-C1C5-4847-972C-EA1E008112AC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{169F8893-C1C5-4847-972C-EA1E008112AC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{1888DAFD-C634-4BC4-865C-3455E24F6177} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1888DAFD-C634-4BC4-865C-3455E24F6177}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{18D10072035C4515918F7E37EAFAACFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18D10072035C4515918F7E37EAFAACFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{236FADD8-58FD-11D6-A285-00A0CC51B2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{403EF592-953B-4794-BCEF-ECAB835C2095} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{403EF592-953B-4794-BCEF-ECAB835C2095}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{435E969D-867E-4364-8E74-3DC8A69C5BDB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{50915408-4940-4C36-B4CC-0D9944FA4C59} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50915408-4940-4C36-B4CC-0D9944FA4C59}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{5933921D-4253-40B6-B4D9-B7D680F1B6EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{62369F2F77534556AEF4C58152E3BDE5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62369F2F77534556AEF4C58152E3BDE5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{67AEFC4C-69E4-11D7-85F4-00E018013273} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67AEFC4C-69E4-11D7-85F4-00E018013273}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{7201B853-5833-11D6-A285-00A0CC51B2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7201B853-5833-11D6-A285-00A0CC51B2FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{7A900EAB-DA37-4554-AF19-9C337476D05D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A900EAB-DA37-4554-AF19-9C337476D05D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{7B63B2922B174135AFC0E1377DD81EC2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B63B2922B174135AFC0E1377DD81EC2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{869D88A5-BD6C-4E39-8536-D95259EAD7E8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{89C43B94-02D9-47CB-A338-8CEC0E70F638} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89C43B94-02D9-47CB-A338-8CEC0E70F638}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{8ADFC4160D694100B5B8A22DE9DCABD9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ADFC4160D694100B5B8A22DE9DCABD9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{9154ED7C-926E-49CC-B677-0CF3C5267457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9154ED7C-926E-49CC-B677-0CF3C5267457}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{A1185190-514F-11D6-A285-00A0CC51B2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1185190-514F-11D6-A285-00A0CC51B2FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{AC157741-3285-4D6A-B934-9174587A3493} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC157741-3285-4D6A-B934-9174587A3493}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B13A7C41581B411290FBC0395694E2A9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B13A7C41581B411290FBC0395694E2A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B3549608-69D3-11D7-AB2D-0090271A23A2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3549608-69D3-11D7-AB2D-0090271A23A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{EE6699B3-E5AD-4E59-8F2B-207DF630670C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{FD851F7E-F887-405D-9E1C-488811113EF3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD851F7E-F887-405D-9E1C-488811113EF3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AddressBook not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AOL Diagnostics_N not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Audio Stream Recorder2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AudioHQ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Connection Manager not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource AudioSync Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource CD-ROM Burner Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource Detector not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource DVD-Audio Player not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource Go! not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource NOMAD II/MG Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource NOMAD Jukebox Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource NOMAD MuVo Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource Player Skin Pack not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MediaSource RemoteControl Plugin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative MiniDisc Center not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative Restore Defaults not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Creative WaveStudio not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Diagnostics_Audigy2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\DirectAnimation not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\DirectDrawEx not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\DXM_Runtime not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\EarthLink Protection Control Center Update not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\EarthLink TotalAccess 2004 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\EAX not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\EQUALIZER not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Fontcore not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ICW not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\IE40 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\IE4Data not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\IE5BAKEX not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\IEData not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\InstallShield Uninstall Information not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Microsoft NetShow Player 2.0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MobileOptionPack not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MPlayer2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30a-KB884016 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30-Beta1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30-Beta2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30-KB884016 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30-RC1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI30-RC2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI31-Beta not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MSI31-RC1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\NetMeeting not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\OutlookExpress not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\PCHealth not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\RealJukebox 1.0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SB Audigy 2 Getting Started Demo not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SchedulingAgent not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SFBM not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Shockwave not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Sound Blaster Audigy 2 ZS not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Sound Blaster Audigy 2 ZS Windows Drivers not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SPEAKER not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SPKR_CALIBRATOR not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SURMIXER not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\THX_Console not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\WIC not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\X-Stitch Studio not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Yahoo! Messenger not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 592 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 531638 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 2644 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26182143 bytes
->Java cache emptied: 17779 bytes
->Flash cache emptied: 17387 bytes

User: Owner
->Temp folder emptied: 177809505 bytes
->Temporary Internet Files folder emptied: 6313920 bytes
->Java cache emptied: 74745403 bytes
->FireFox cache emptied: 74606155 bytes
->Flash cache emptied: 3823582 bytes

User: Test Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 5193788 bytes
->FireFox cache emptied: 919554 bytes
->Flash cache emptied: 12162 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6433 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 456455 bytes

Total Files Cleaned = 354.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Test Admin
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04132010_181231

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

NEW OTL LOG:
OTL logfile created on: 4/13/2010 6:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 417.00 Mb Available Physical Memory | 41.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.74 Gb Free Space | 29.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EGGANDONION
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/06 14:42:25 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/05 12:16:01 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/09 06:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/01 13:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/07/01 13:19:32 | 000,081,920 | ---- | M] (Compete Inc) -- C:\Program Files\Upromise\dca-ua.exe
PRC - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2008/09/25 09:51:54 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/05/29 12:49:50 | 001,085,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/10/01 10:01:12 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 13:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/06/05 14:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2006/01/06 09:57:20 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2005/09/24 02:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/09/11 08:15:36 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/05/17 19:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2003/06/12 09:47:06 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/06 14:42:25 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/08/30 23:11:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/16 16:33:14 | 004,664,344 | ---- | M] (Sana Security) [On_Demand | Stopped] -- C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe -- (EarthLinkSafeConnectAgent)
SRV - [2006/06/05 14:51:16 | 000,147,728 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/05 12:16:54 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/09 06:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 06:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 06:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/21 07:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/12 11:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/11/20 08:44:42 | 000,035,352 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSMonitor.sys -- (ADSMonitor) ADSMonitor - (EarthLink Monitor Driver)
DRV - [2006/11/20 08:44:36 | 000,056,728 | ---- | M] (Aluria Software, a division of EarthLink, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADSFilter.sys -- (ADSFilter) ADSFilter - (Aluria Filter Driver)
DRV - [2006/11/10 14:11:50 | 000,042,040 | ---- | M] (Authentium Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GRTdiMon.sys -- (GRTdiMon)
DRV - [2006/11/10 14:11:48 | 000,022,584 | ---- | M] (Global RISC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GRFilter.sys -- (GRFILTER)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/06/05 14:30:04 | 000,829,008 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\css-dvp.sys -- (CSS DVP)
DRV - [2005/12/19 21:39:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/30 22:42:35 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/07/06 20:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/03/22 15:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 15:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/02/05 02:49:56 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/11/13 22:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 22:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 22:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/10 05:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 05:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 04:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 04:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 23:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 23:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 23:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 23:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 22:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/03 15:56:24 | 000,024,528 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/02/25 08:55:18 | 000,015,400 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.60
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}:0.6.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {FA64083A-FCFA-418B-AB1F-6EF64E32C0D4}:1.9.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FA64083A-FCFA-418B-AB1F-6EF64E32C0D4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{FA64083A-FCFA-418B-AB1F-6EF64E32C0D4} [2010/01/23 20:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.2\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/02/17 12:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.2\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 09:39:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 08:09:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/02/24 11:44:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.12\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2010/02/24 11:47:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.12\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/02/12 15:13:39 | 000,000,000 | ---D | M]

[2008/10/11 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2004/09/19 08:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions
[2004/09/19 08:34:33 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/17 14:14:34 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1jp6po85.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/13 10:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions
[2009/06/19 19:47:06 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2008/10/11 13:38:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/11/17 14:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/10/11 13:38:13 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/16 20:47:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/11/17 14:47:33 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\searchplugins\aim-search.xml
[2010/04/10 21:22:30 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\searchplugins\mw-dictionary.xml
[2010/04/13 10:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/07 13:59:00 | 000,044,151 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll
[2007/05/19 17:36:58 | 000,147,456 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/11 02:03:50 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Merriam-Webster Online BHO) - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xmcszqr.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.65.dll ()
O3 - HKLM\..\Toolbar: (Merriam-Webster Online) - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL ()
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Merriam-Webster Online) - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - HKCU..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete Inc)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MWOL &Dictionary - C:\WINDOWS\_MWOLTB.DLL ()
O8 - Extra context menu item: MWOL &Thesaurus - C:\WINDOWS\_MWOLTB.DLL ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/04 21:56:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 18:12:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/13 18:07:36 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/13 18:07:36 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/13 18:07:34 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/13 18:07:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/13 18:07:30 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/13 18:07:30 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/13 18:07:30 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 18:07:16 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/13 18:07:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/13 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/13 18:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/13 16:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/13 07:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/13 07:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/13 07:53:45 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe
[2010/04/11 01:44:33 | 037,968,392 | ---- | C] (CA, Inc. ) -- C:\Documents and Settings\Owner\Desktop\na_aspy_ca_32_en_NADefaulteCommTrial2009_trial.exe
[2010/04/11 00:50:12 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/04/10 21:25:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 20:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/10 20:43:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/10 20:28:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/10 20:27:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/10 20:27:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/10 20:27:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/10 20:16:54 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9467.exe
[2010/04/08 10:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/08 10:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/08 10:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/07 21:01:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22050.exe
[2010/04/07 20:49:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20966.exe
[2010/04/07 13:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/07 13:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/04/07 13:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/06 23:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/06 10:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\avG
[2010/04/06 10:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/06 10:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/06 10:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 07:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/05 12:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/04/05 07:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/18 07:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/03 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/19 07:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/30 07:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/11/19 17:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/12 10:36:46 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/12/02 10:31:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/15 13:24:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2007/04/13 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/03/30 06:20:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/11/08 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Talkback
[2004/11/08 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2004/10/07 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/10/02 21:36:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/04/13 18:23:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 18:20:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/04/13 18:20:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/04/13 18:20:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/04/13 18:20:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/04/13 18:20:52 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily Scan).job
[2010/04/13 18:20:51 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly Scan).job
[2010/04/13 18:19:33 | 004,925,591 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/04/13 18:19:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/13 18:18:59 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/13 18:18:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 18:18:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 18:18:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 18:18:01 | 1071,489,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 18:17:14 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/13 18:17:14 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 18:17:14 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 18:17:14 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 18:17:14 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000006-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/04/13 18:17:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/13 18:17:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/13 18:17:14 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000006-00000000-00000001-00001102-00000004-20021102}.dat
[2010/04/13 18:17:14 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000006-00000000-00000001-00001102-00000004-20021102}.dat
[2010/04/13 18:16:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/13 18:07:37 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/13 18:07:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/13 18:06:31 | 045,942,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/04/13 16:54:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/13 15:17:06 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/13 13:35:36 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/04/13 08:09:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/13 07:54:21 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/13 07:54:13 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe
[2010/04/12 20:04:06 | 001,057,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2009IR25.pdf
[2010/04/12 09:04:40 | 000,000,320 | ---- | M] () -- C:\WINDOWS\AceHTML.ini
[2010/04/11 01:45:19 | 037,968,392 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\Owner\Desktop\na_aspy_ca_32_en_NADefaulteCommTrial2009_trial.exe
[2010/04/11 01:18:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/04/11 00:50:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/11 00:50:13 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/04/10 21:21:10 | 000,004,182 | ---- | M] () -- C:\WINDOWS\System32\entitlement.xml
[2010/04/10 21:01:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/10 20:28:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/10 20:17:13 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/10 20:16:24 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9467.exe
[2010/04/10 20:11:22 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2010/04/10 08:25:33 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/07 20:52:24 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF22050.exe
[2010/04/07 20:46:52 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF20966.exe
[2010/04/07 16:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 12:16:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/05 12:16:52 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/01 23:58:14 | 002,106,558 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 05:08:27 | 010,933,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Reflexology.doc
[2010/03/24 08:26:29 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv

========== Files Created - No Company Name ==========

[2010/04/13 18:07:37 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/13 18:05:31 | 045,942,928 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/04/13 08:09:33 | 000,000,656 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/13 07:54:35 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/13 07:54:21 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/12 20:04:06 | 001,057,515 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2009IR25.pdf
[2010/04/11 23:48:00 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/04/11 01:18:08 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/04/11 00:50:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/10 21:21:10 | 000,004,182 | ---- | C] () -- C:\WINDOWS\System32\entitlement.xml
[2010/04/10 20:28:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/10 20:28:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/10 20:27:07 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/10 20:27:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/10 20:27:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/10 20:27:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/10 08:25:33 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/09 20:08:27 | 1071,489,024 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/06 10:33:34 | 000,012,580 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3Yfi
[2010/03/25 04:49:33 | 010,933,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Reflexology.doc
[2010/03/13 18:27:40 | 000,000,753 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/12 20:43:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2009/12/22 16:27:42 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Owner\.ufrawrc
[2009/12/06 10:20:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/14 14:11:11 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/14 14:11:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/14 14:10:54 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:10:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/22 20:34:32 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/03/24 10:28:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/24 10:28:14 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/24 10:27:51 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/24 10:27:51 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/24 10:26:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/24 10:26:20 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/03/24 10:24:15 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/01/28 17:22:38 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/10/21 14:37:08 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\usb.dat.bin
[2008/10/19 09:37:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\AdobeWeb.log
[2007/12/29 07:58:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/07/22 10:59:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/07/22 10:58:42 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/07/22 10:58:42 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/07/15 13:24:38 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2007/07/15 13:24:38 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2007/07/15 13:24:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2007/07/15 13:24:38 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/10/16 06:36:51 | 000,002,242 | ---- | C] () -- C:\Documents and Settings\Owner\newsletter_form.txt
[2006/08/16 20:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/08 17:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/30 15:25:25 | 000,000,392 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2006/04/30 15:24:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2006/04/30 15:24:27 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2006/04/30 15:24:27 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2006/03/15 22:15:23 | 000,002,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/14 21:30:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/12/14 19:49:54 | 000,006,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/30 23:01:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/09/20 14:05:07 | 000,000,305 | ---- | C] () -- C:\WINDOWS\sampler.INI
[2005/09/20 14:05:07 | 000,000,304 | ---- | C] () -- C:\WINDOWS\beatbox.INI
[2005/08/06 10:32:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MouseTrapLib.dll
[2005/05/29 16:52:47 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Owner\reglog.txt
[2005/04/08 20:54:01 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/08 07:50:57 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/12/08 07:50:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/12/05 09:38:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\inventory.INI
[2004/10/15 14:01:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/10/15 14:00:19 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/13 20:06:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2004/10/10 11:52:25 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2004/10/10 11:52:25 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2004/10/09 15:11:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2004/10/02 21:36:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/10/02 21:36:26 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/10/02 21:36:26 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/10/02 21:36:13 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/10/02 21:36:13 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/10/02 21:34:10 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/10/02 08:39:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/24 19:49:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/19 09:28:59 | 000,025,108 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/09/14 20:41:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/13 06:31:38 | 000,001,749 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/11 15:50:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/09/11 13:12:56 | 000,000,320 | ---- | C] () -- C:\WINDOWS\AceHTML.ini
[2004/09/10 07:06:11 | 000,000,272 | ---- | C] () -- C:\WINDOWS\muma2004.INI
[2004/09/10 06:51:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/09/10 06:48:31 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/09/10 06:48:31 | 000,000,135 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/09/09 20:46:49 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/09/09 20:46:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/09/09 19:55:46 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/09 18:50:42 | 000,385,024 | ---- | C] () -- C:\WINDOWS\_MWOLTB.DLL
[2004/07/14 20:09:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/14 20:09:12 | 000,000,529 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 22:34:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 19:28:17 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/02/04 22:12:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/04 21:59:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2004/02/04 21:59:58 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
< End of report >


#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 April 2010 - 05:37 AM

Sorry, I wasn't aware you had the pro version of Ad-Aware; that is indeed an AV and will conflict with Avast, so you should uninstall Avast. Please try not to do any other scans, as I need to see what is being removed. I know it's frustrating, but you need to be patient, as I am a volunteer doing this in my spare time.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

#8 Jenniferrd

  • Topic Starter
  • Members
  • 25 posts

Posted 14 April 2010 - 06:27 AM

I am not able to turn off the antivirus - my computer says it has Authentium Antivirus - and I have no idea what this is. Any ideas how to turn it off? It also is saying that Adaware's antivirus is still turned on, even after I turned it off.

One further thing, I had another attack today with XP Defender - it was AVA.exe and LWIA.exe.

#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 April 2010 - 06:32 AM

You can uninstall Authentium; it should be in Add/Remove Programs. Then follow the instructions here to disable Ad-Aware.


#10 Jenniferrd

  • Topic Starter
  • Members
  • 25 posts

Posted 14 April 2010 - 06:48 AM

No, Authentium is definitely not in my Add/Remove Programs list, unless it's listed under something else.

#11 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 April 2010 - 07:04 AM

OK, please run ComboFix the following way; if it still moans about it, just continue with the scan.

Go to Start > Run and enter the following line:

"%userprofile%\desktop\combofix.exe" /killall

#12 Jenniferrd

  • Topic Starter
  • Members
  • 25 posts

Posted 14 April 2010 - 09:16 AM

I was finally able to get ComboFix to run, but when it rebooted, it didn't give a report. It just sat there for about an hour doing nothing. What now?

#13 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 April 2010 - 12:29 PM

OK, let's try this instead.
  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program's drivers will not conflict with GMER's driver.
  4. Double click on GMER to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.

#14 Jenniferrd

  • Topic Starter
  • Members
  • 25 posts

Posted 14 April 2010 - 02:14 PM

It crashed my system twice yesterday when you had me run it, but I went ahead and tried again today for you. It didn't work. About halfway through, the computer rebooted itself, and when it came back up there was nothing, no log.

#15 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 April 2010 - 02:34 PM

I'm sorry, I completely missed that I had asked you to run it. I'm just having a play with this infection at the moment to see if there is anything else we can use that won't crash; I will get back to you when I have something. In the meantime, please try running ComboFix again, but this time run it in Safe Mode.

Cheers