wmpscfgs.exe virus


  • This topic is locked
3 replies to this topic

#1 Emu1212

  • Members
  • 54 posts
  • Gender:Male
  • Location:Duluth, MN

Posted 13 April 2010 - 10:31 PM

Hey, I was told to post these logs here by boopme. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/308533/wmpscfgsexe/ ~ OB Also, this might be of interest in analyzing this machine: http://www.bleepingcomputer.com/forums/t/308969/activearmor-firewall/ ~ OB

This virus showed itself when a program called User Protection installed itself on my computer. I got rid of that, but wmpscfgs.exe is still here in my Internet Explorer folder. Here are the OTL logs (DDS doesn't work on my computer) and the GMER log:

OTL logfile created on: 4/13/2010 10:01:49 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 224.61 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-0JTLWF8JNF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/13 22:01:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/04/02 21:58:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- c:\Program Files (x86)\DAEMON Tools Lite\dtlite .exe
PRC - [2009/07/13 14:03:10 | 000,292,128 | ---- | M] (Apple Inc.) -- c:\Program Files (x86)\iTunes\ituneshelper .exe
PRC - [2009/03/19 19:51:22 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\wmiprvse.exe
PRC - [2009/03/05 16:07:20 | 002,285,056 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/02/07 17:55:28 | 000,294,912 | ---- | M] (NVIDIA Corporation) -- c:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\ntrayfw .exe
PRC - [2006/02/07 17:53:30 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/02/07 17:50:10 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/02/07 17:49:56 | 000,110,592 | ---- | M] (NVIDIA) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/02/07 00:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 22:01:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2007/02/18 11:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 11:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2007/02/18 11:05:22 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2005/03/25 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/02 12:12:00 | 000,689,664 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/22 10:58:22 | 000,252,416 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006/02/07 17:53:30 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/02/07 17:50:10 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/02/07 17:49:56 | 000,110,592 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/07 00:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/03/25 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 C1 4F 9F 38 12 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wowhead"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: {5858513B-9AB9-4E48-AE1A-14B210FAB885}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{5858513B-9AB9-4E48-AE1A-14B210FAB885}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{5858513B-9AB9-4E48-AE1A-14B210FAB885} [2010/03/30 17:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/06 23:34:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/02 21:58:56 | 000,000,000 | ---D | M]

[2009/07/31 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/13 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\extensions
[2009/08/15 13:20:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/31 21:00:56 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/28 18:17:34 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/03 16:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\extensions\foxmarks@kei.com
[2010/03/11 18:12:37 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c2tslp8m.default\searchplugins\wowhead.xml
[2010/04/13 20:04:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

Hosts file not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe_Reader] c:\Program Files (x86)\Internet Explorer\wmpscfgs.exe ()
O4 - HKLM..\Run: [GameFace Messenger] C:\Program Files (x86)\GameFace Messenger\GameFace.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [nTrayFw] C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] c:\program files (x86)\daemon tools lite\DTLite.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\superantispyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files (x86)\Windows Desktop Search\WindowsSearch.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\nvappfilter.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\nvappfilter.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\nvappfilter.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysNative\nvappfilter.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1192846582031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230508431609 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.213.60.93 24.196.64.53
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgwlx64: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O21 - SSODL: jivomewib - {6c26ebf8-c965-4a8c-a945-4b13844bb68d} - c:\windows\SysWow64\tofanuwo.dll File not found
O21 - SSODL: womehihed - {dd074c08-60c0-4949-916f-6cadf2bc9413} - c:\windows\SysWow64\tofanuwo.dll File not found
O21 - SSODL: yefuyanel - {c7346042-0594-4b07-96b6-cfb20f4e338d} - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {11957f30-3924-4da7-9c9a-227409ee9573} - kupuhivus - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {3c4c57fe-bfc6-47f2-aed5-2d33b996e82c} - tokatiluy - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {568432fd-924d-4e7b-93f0-8aeb135dd6de} - mujuzedij - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {6c26ebf8-c965-4a8c-a945-4b13844bb68d} - gahurihor - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {c7346042-0594-4b07-96b6-cfb20f4e338d} - mujuzedij - c:\windows\SysWow64\tofanuwo.dll File not found
O22 - SharedTaskScheduler: {dd074c08-60c0-4949-916f-6cadf2bc9413} - jugezatag - c:\windows\SysWow64\tofanuwo.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/19 19:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a1ad616-c015-11de-8a3b-00301b4349be}\Shell - "" = AutoRun
O33 - MountPoints2\{4a1ad616-c015-11de-8a3b-00301b4349be}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a1ad616-c015-11de-8a3b-00301b4349be}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2009/08/07 23:38:33 | 000,000,000 | ---D | M]
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/13 22:01:10 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/13 10:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/13 10:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/04/13 10:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/04/13 10:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/04/12 22:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\pjvtqyiph
[2010/04/12 20:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/04/11 19:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell
[2010/04/11 14:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/04/11 14:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2010/04/11 14:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2010/04/10 09:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Videos
[2010/04/10 09:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/04/10 09:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sony
[2010/04/10 09:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/04/10 08:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/10 08:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010/04/10 08:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/04/09 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DL
[2010/04/03 12:23:41 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/04/02 18:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/04/02 18:33:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/04/02 18:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/02 18:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/31 19:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/30 21:40:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/30 21:40:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/30 21:40:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/30 21:40:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[67 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 000,000,709 | -HS- | M] () -- C:\WINDOWS\SysWow64\juyobosu.exe
[2010/04/13 22:01:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/13 22:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1967.job
[2010/04/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/13 21:36:53 | 000,053,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DDS Error.JPG
[2010/04/13 21:05:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/04/13 21:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1966.job
[2010/04/13 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/13 20:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1965.job
[2010/04/13 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/13 19:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1964.job
[2010/04/13 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/13 18:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1963.job
[2010/04/13 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/13 17:27:18 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6327129C-D6AD-441F-BE76-87A354977C04}.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1968.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1962.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1961.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1960.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1959.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1958.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1957.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1956.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1955.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1954.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1953.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1952.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1951.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1950.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1949.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1948.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1947.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1946.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1945.job
[2010/04/13 17:24:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 17:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 17:24:05 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 17:23:35 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/13 17:23:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/13 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/13 00:25:40 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/04/13 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/12 23:03:10 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/12 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/12 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/11 22:45:59 | 000,002,436 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 19:45:12 | 000,573,062 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010/04/11 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/11 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/11 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/11 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/11 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/10 09:45:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/10 09:45:27 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 09:38:15 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2010/04/10 09:32:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2010/04/10 09:32:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2010/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/10 08:57:35 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0 (64-bit).lnk
[2010/04/10 08:50:32 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/04/09 23:54:41 | 471,062,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi][Full+Plug-in][WwW.ZoNaTorrent.CoM].iso
[2010/04/09 19:39:43 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/04/09 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/09 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/08 19:42:15 | 000,000,634 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010/04/07 21:44:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/04/07 19:13:16 | 000,000,552 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d8caps.dat
[2010/04/03 12:23:41 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/04/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/03 02:44:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cyipohofafa.dat
[2010/04/03 00:44:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ygipejuzakaxo.bin
[2010/04/02 23:29:21 | 000,000,702 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/31 23:08:48 | 000,000,004 | ---- | M] () -- C:\Program Files (x86)\840781.dat
[2010/03/31 23:08:47 | 004,325,652 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/03/31 22:45:36 | 000,000,566 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[67 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,000,709 | -HS- | C] () -- C:\WINDOWS\SysWow64\juyobosu.exe
[2010/04/13 21:36:53 | 000,053,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DDS Error.JPG
[2010/04/13 21:17:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/04/13 21:05:19 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1968.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1967.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1966.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1965.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1964.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1963.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1962.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1961.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1960.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1959.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1958.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1957.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1956.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1955.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1954.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1953.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1952.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1951.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1950.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1949.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1948.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1947.job
[2010/04/13 17:27:01 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1946.job
[2010/04/13 17:27:01 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1945.job
[2010/04/13 17:24:05 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 00:24:59 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/04/10 09:38:15 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2010/04/10 08:57:35 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0 (64-bit).lnk
[2010/04/10 08:50:32 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/04/09 23:44:46 | 471,062,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi][Full+Plug-in][WwW.ZoNaTorrent.CoM].iso
[2010/04/07 19:13:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d8caps.dat
[2010/04/02 18:33:34 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 23:08:48 | 000,000,004 | ---- | C] () -- C:\Program Files (x86)\840781.dat
[2010/03/31 22:41:22 | 000,000,566 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/03/31 19:02:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/03/31 18:30:47 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/30 18:07:35 | 000,000,702 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/30 18:04:37 | 000,000,634 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010/02/21 13:14:33 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2009/08/15 12:14:43 | 000,001,334 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/08/12 07:48:14 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/08/07 19:44:23 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2008/02/11 20:47:34 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/09 16:23:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/01/11 18:21:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/08 13:01:00 | 000,000,102 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/11/28 08:10:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/22 20:47:24 | 000,015,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/19 20:41:46 | 000,007,867 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/10/19 20:38:41 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2007/10/19 20:20:10 | 000,573,062 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/10/19 20:04:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2007/10/19 20:04:00 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2007/10/19 20:03:59 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Administrator\wiadebug.log
[2007/10/19 20:03:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Sti_Trace.log
[2005/12/30 20:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2005/12/30 20:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2005/03/25 07:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 07:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 07:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 07:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 07:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 07:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 07:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 07:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 07:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 07:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2010/04/10 00:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/01/25 18:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010/04/10 09:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/04/10 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2007/10/19 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2010/03/31 19:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2008/12/28 19:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/12/29 12:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/02/07 23:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/03/30 21:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/25 18:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/02/09 16:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2010/04/10 08:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/13 00:09:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/04/11 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/04/13 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/04/11 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/04/11 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/04/11 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/04/11 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/04/12 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/04/12 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/04/13 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1945.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1946.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1947.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1948.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1949.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1950.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1951.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1952.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1953.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1954.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1955.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1956.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1957.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1958.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1959.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1960.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1961.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1962.job
[2010/04/13 18:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1963.job
[2010/04/13 19:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1964.job
[2010/04/13 20:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1965.job
[2010/04/13 21:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1966.job
[2010/04/13 22:00:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1967.job
[2010/04/13 17:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\At1968.job
[2010/04/09 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/04/13 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/04/13 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/04/13 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/04/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/04/12 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/04/09 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/03 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/20 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/20 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/20 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/20 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/20 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/04/13 19:00:00 | 000,032,382 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010/04/13 17:27:18 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6327129C-D6AD-441F-BE76-87A354977C04}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:AGP440.sys
[2007/02/17 00:03:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\WINDOWS\ServicePackFiles\amd64\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
[2007/02/18 11:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\amd64\sp2.cab:atapi.sys
[2005/03/25 07:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/02/17 00:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/03/25 07:00:00 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007/02/17 00:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\WINDOWS\ServicePackFiles\amd64\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/02/18 11:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 11:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 07:00:00 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2007/02/17 00:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\WINDOWS\ServicePackFiles\amd64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/17 00:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\WINDOWS\ServicePackFiles\amd64\scecli.dll
[2005/03/25 07:00:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/02/18 11:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 11:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
OTL Extras logfile created on: 4/13/2010 10:01:49 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 224.61 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-0JTLWF8JNF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- File not found
"C:\WINDOWS\SysWOW64\dplaysvr.exe" = C:\WINDOWS\SysWOW64\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files (x86)\Starcraft\StarCraft.exe" = C:\Program Files (x86)\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files (x86)\Steam\steamapps\xekrate\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\xekrate\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\iTunes\iTunes.exe" = C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Majesty 2\Majesty2.exe" = C:\Program Files (x86)\Majesty 2\Majesty2.exe:*:Enabled:Majesty 2 -- (1C:Ino-Co)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\dplaysvr.exe" = C:\WINDOWS\SysWOW64\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files (x86)\Starcraft\StarCraft.exe" = C:\Program Files (x86)\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files (x86)\Steam\steamapps\xekrate\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\xekrate\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\iTunes\iTunes.exe" = C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Majesty 2\Majesty2.exe" = C:\Program Files (x86)\Majesty 2\Majesty2.exe:*:Enabled:Majesty 2 -- (1C:Ino-Co)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25E0F2BA-399C-4cf8-A654-53797016CB77}" = HP Beta Printer Drivers for Windows XP x64 (5.64.0.17)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"ATI Display Driver" = ATI Display Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C220811-048F-4D60-B42E-B86027C57372}" = LightScribe 1.4.119.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{212125C1-E5A3-4810-A057-C20FB2A79327}" = Majesty - Gold Edition
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{71D4305B-56E6-4971-A799-FB7678A1D1A5}" = ASUS ATI Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{8867CEBD-E6C0-4C7A-83B3-9E45669A1033}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"Diablo II" = Diablo II
"Guild Wars" = Guild Wars
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"ST6UNST #1" = Hero Editor V1.03
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft
"xvid" = XviD MPEG-4 Video Codec
"Zeus" = Zeus

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2010 11:56:30 AM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 5:06:52 PM | Computer Name = MARK-0JTLWF8JNF | Source = VSS | ID = 8211
Description =

Error - 4/13/2010 6:24:55 PM | Computer Name = MARK-0JTLWF8JNF | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x80004005.

Error - 4/13/2010 6:25:27 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 8:04:15 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 10:05:25 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 10:17:20 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 10:29:22 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 10:36:39 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 10:38:56 PM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

[ System Events ]
Error - 4/13/2010 10:59:20 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 10:59:20 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 10:59:20 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:00 PM | Computer Name = MARK-0JTLWF8JNF | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 4/13/2010 11:00:26 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:26 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:26 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:26 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:27 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/13/2010 11:00:27 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 22:19:46
Windows 5.2.3790 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ?=?O?&??C:\WINDOWS\System32\h323.tsp?????????????????????$?????!???????????????#?+?G?K?K?/??????????Se??????????????(Standard IDE ATA/ATAPI controllers)????????\\?\SCSI#CdRom&Ven_JWP&Prod_L2FC5ARC&Rev_1.03#5&36e5972&0&010#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?s??\\?\SCSI#CdRom&Ven_JWP&Prod_L2FC5ARC&Rev_1.03#5&36e5972&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}????(Standard disk drives)??????JWP L2FC5ARC SCSI CdRom Device?WIN??Offers routing services to businesses in local area and wide area network environments.?????Provides support to host Universal Plug and Play devices.???idecoi.dll,NvIdeCoInstaller?NVCOI.DLL,NVCoInstaller??er??b??SCSI\CdRom&Ven_JWP&Prod_L2FC5ARC&Rev_1.03\5&36e5972&0&010??????????????4???????????????????? ???at??ACPI Multiprocessor x64-based PC?????m?m?S????N??M???s????DHel?????????#?$?$?$?$?$?$?$?$?#?$?/???.???M??? ???????G?????#?? ??G?5??"???&??????????????0??Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x68 0xD0 0x61 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xDB 0xA8 0xF6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE7 0x7F 0xCB 0x8D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x87 0x23 0x1B 0x96 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xAD 0xF3 0x70 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0xB4 0xBE 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0xE2 0x76 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFD 0x3B 0xBC 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0xBE 0xD8 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0xE2 0x76 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFD 0x3B 0xBC 0x57 ...

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 13 April 2010 - 10:50 PM.
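The OTL event-log section and the GMER registry section in the post above are raw tool output, and the few lines that matter for triage are buried in repeats and in one binary-rendered value. As an added example (not part of the original post, and not code from OTL or GMER), here is a small Python script that parses lines in that shape, counts repeated errors by source and event ID, and pulls out the two items a reviewer would follow up by hand: the At23.job scheduled task that failed to start, and the file path embedded in the garbled PendingFileRenameOperations value. The sample input below is constructed from a few representative lines of the posted logs, and the flagging heuristics in `triage()` are this example's own assumptions rather than anything either tool reports.

```python
"""Triage helper for OTL 'Last 10 Event Log Errors' and GMER 'Registry' sections."""
import re
from collections import Counter

# Constructed sample input, modelled on a few representative lines of the OTL
# and GMER output posted above (not the complete logs).
SAMPLE_OTL = r"""
[ Application Events ]
Error - 4/13/2010 11:56:30 AM | Computer Name = MARK-0JTLWF8JNF | Source = Windows Search Service | ID = 3083
Description =

Error - 4/13/2010 6:24:55 PM | Computer Name = MARK-0JTLWF8JNF | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x80004005.

[ System Events ]
Error - 4/13/2010 10:59:20 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

Error - 4/13/2010 11:00:00 PM | Computer Name = MARK-0JTLWF8JNF | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 4/13/2010 11:00:26 PM | Computer Name = MARK-0JTLWF8JNF | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
< End of report >
"""

SAMPLE_GMER = r"""
Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ?=?O?&??C:\WINDOWS\System32\h323.tsp?????????
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
"""

ERROR_RE = re.compile(r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| "
                      r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
AT_JOB_RE = re.compile(r"\bAt\d+\.job\b")        # jobs created with at.exe
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^?\s]+")  # drive-letter paths inside binary junk


def parse_otl_events(text):
    """One dict per 'Error - ...' record; multi-line descriptions are joined."""
    events, section, cur = [], None, None
    for line in text.splitlines():
        if (m := SECTION_RE.match(line)):
            section, cur = m.group("name"), None
        elif (m := ERROR_RE.match(line)):
            cur = {"section": section, "time": m.group("time"), "host": m.group("host"),
                   "source": m.group("source"), "id": int(m.group("id")), "description": ""}
            events.append(cur)
        elif cur is not None and line.strip() and not line.startswith("<"):
            part = line[len("Description ="):] if line.startswith("Description =") else line
            cur["description"] = (cur["description"] + " " + part.strip()).strip()
    return events


def summarize(events):
    """Count records by (section, source, id): ten copies of one error are
    usually one noisy component, not ten problems."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def parse_gmer_reg(text):
    """Split GMER 'Reg KEY@VALUE DATA' lines; keys may contain spaces, so split
    on the first '@' rather than on whitespace."""
    regs = []
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        key, sep, rest = line[4:].partition("@")
        value, _, data = rest.partition(" ") if sep else (None, "", "")
        suffix = " (not active ControlSet)"
        if key.endswith(suffix):
            key = key[: -len(suffix)]
        regs.append({"key": key, "value": value, "data": data})
    return regs


def triage(events, regs):
    """Flags a reviewer would follow up by hand. These heuristics are the
    example author's assumptions, not anything OTL or GMER itself reports."""
    findings = []
    for e in events:
        m = AT_JOB_RE.search(e["description"]) if e["source"] == "Schedule" else None
        if m:  # an at.exe job under C:\WINDOWS\Tasks: legitimate, or a persistence entry
            findings.append(("at_job", m.group(0)))
    for r in regs:
        if r["value"] == "PendingFileRenameOperations":
            # files to be moved or deleted at next boot; used by cleaners and by malware
            findings.append(("pending_rename", WIN_PATH_RE.findall(r["data"])))
        elif "\\Services\\sptd\\" in r["key"] and r["value"] == "p0":
            findings.append(("sptd_owner", r["data"]))  # DAEMON Tools' sptd driver: known GMER noise
    return findings


if __name__ == "__main__":
    ev = parse_otl_events(SAMPLE_OTL)
    for (section, source, eid), n in summarize(ev).most_common():
        print(f"{n:2d}x  {section or '?':<20} {source:<35} ID {eid}")
    for tag, detail in triage(ev, parse_gmer_reg(SAMPLE_GMER)):
        print(tag, detail)
```

Run against the full logs, the summary collapses the nine DCOM 10016 and Windows Search 3083 repeats into two lines, and the findings list leaves three things to check on the machine: the contents of C:\WINDOWS\Tasks\At23.job (at.exe jobs are an old and still common persistence spot, but the task may simply be stale), why C:\WINDOWS\System32\h323.tsp (a Windows TAPI provider) is queued in PendingFileRenameOperations for the next boot, and the sptd owner path, which here points at DAEMON Tools Lite and explains the rest of the GMER registry block.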


#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania

Posted 18 April 2010 - 05:10 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Emu1212
  • Topic Starter

  • Members
  • 54 posts
  • Gender:Male
  • Location:Duluth, MN

Posted 18 April 2010 - 10:07 AM

Actually I just reformatted my computer last night. Thanks anyway though!

#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania

Posted 18 April 2010 - 10:30 AM

Since this issue seems to be resolved, this topic is now closed.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft




