Trojan-HTMLinfectedwebpage.Gen-Malware HUER/HTML


  • This topic is locked
20 replies to this topic

#1 vic350

vic350

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 01 June 2010 - 06:42 AM

Hi, I was trying to get some instructions for a game and when I downloaded them I think my computer was infected. Now my email, windows programs, startups, taskmanager, browser and just about all I do isn't functioning. I hope you can help. I really messed up. I have the DDS log but I was not able to run the last GMER program, it would not finish without my computer shutting down with a serious error message. I sure appreciate that you are here to help. I have a Dell Computer and Windows XP. Thank You


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason Hebel at 17:31:19.81 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.201 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jason Hebel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uSearch Page = hxxp://www.live.
mDefault_Page_URL =
mStart Page =
mCustomizeSearch = //ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-29 14248]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-1 11608]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-29 214024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-1 60936]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-9-29 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-29 144704]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-29 143840]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-29 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-29 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-29 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-29 40552]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-29 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-29 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-29 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-29 1684736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-29 34248]

=============== Created Last 30 ================

2010-06-01 00:14:36 0 ----a-w- c:\documents and settings\jason hebel\defogger_reenable
2010-05-31 20:17:09 0 d-----w- c:\docume~1\jasonh~1\applic~1\Malwarebytes
2010-05-31 20:16:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:16:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-31 20:16:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:16:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-04-23 09:16:39 1381532 ----a-w- c:\program files\start_ups.exe
2010-04-23 08:50:57 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-04-16 19:27:58 22928168 ----a-w- c:\program files\SkypeSetupFull.exe
2010-04-15 08:30:58 1034 ----a-w- c:\docume~1\jasonh~1\applic~1\wklnhst.dat
2010-04-09 08:01:34 262144 ----a-w- C:\ntuser.dat
2010-04-02 00:55:13 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-04-02 00:54:07 9228440 ----a-w- c:\program files\spf.exe
2010-04-01 23:55:17 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-02-03 06:24:24 135559885 ----a-w- c:\program files\openofficeorg1.cab
2010-02-03 06:23:38 10176512 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 22:13:18 290 ----a-w- c:\program files\setup.ini
2009-09-29 18:40:58 75 --sh--r- c:\windows\CT4CET.bin

============= FINISH: 17:32:55.73 ===============


Mbam log



#2 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:02:03 PM

Posted 03 June 2010 - 10:34 AM

Hello vic350,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post; the forum has been extremely busy.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as I am able.

If I don't reply to your post in 3 days, please send me a PM as sometimes life gets hectic and I may inadvertently forget.

If I have not replied back to your post in 3 days, please send me a PM.


#3 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:02:03 PM

Posted 03 June 2010 - 10:41 AM

Hello vic350,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee Security Center or Avira Free Antivir.

-----------------------------------------------------------

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Extra Registry section, select Use SafeList.
  • Copy the lines in the codebox below.
CODE
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please include the following:
  • OTL.txt
  • Extra.txt

If I have not replied back to your post in 3 days, please send me a PM.
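The check Tokek makes by eye on the DDS header (two antivirus products with on-access scanning enabled) can be automated. This is an added example, not part of the original thread and not code from DDS; the two sample headers are copied from the DDS logs posted in this topic, and the rule that a state ending in "enabled" means active real-time protection is an assumption about the DDS format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS header line format, as it appears in the logs in this topic:
#   AV: <product> *<real-time state>* (<definitions state>) {<GUID>}
#   FW: <product> *<state>* {<GUID>}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]+)\))?\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)


@dataclass(frozen=True)
class Product:
    kind: str                   # "AV" or "FW"
    name: str
    realtime: bool              # assumption: state text ending in "enabled"
    definitions: Optional[str]  # "Updated", "Outdated", or None for firewalls
    guid: str


def parse_security_products(log_text: str) -> List[Product]:
    """Extract the AV:/FW: entries from a DDS log."""
    products = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state = m["state"].strip().lower()
        products.append(Product(
            kind=m["kind"],
            name=m["name"],
            realtime=state.endswith("enabled"),
            definitions=m["defs"],
            guid=m["guid"].upper(),
        ))
    return products


def review(products: List[Product]) -> List[str]:
    """Return findings: competing real-time scanners and stale definitions."""
    findings = []
    active_av = [p.name for p in products if p.kind == "AV" and p.realtime]
    if len(active_av) > 1:
        findings.append("multiple real-time AV scanners: " + ", ".join(active_av))
    for p in products:
        if p.kind == "AV" and p.definitions and p.definitions.lower() != "updated":
            findings.append(f"{p.name}: definitions {p.definitions.lower()}")
    return findings


# Header of the DDS log in post #1 (copied from this topic).
HEADER_POST_1 = """\
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
"""

# Header of the DDS log in post #5, after McAfee was uninstalled.
HEADER_POST_5 = """\
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
"""

if __name__ == "__main__":
    for label, header in (("post #1", HEADER_POST_1), ("post #5", HEADER_POST_5)):
        issues = review(parse_security_products(header))
        print(label, "->", issues or "no AV conflict")
```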


#4 vic350

vic350
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 10 June 2010 - 05:46 PM

Hi,
Sorry I didn't respond sooner, I was waiting for email? I uninstalled McAfee. I tried to copy and paste the list you gave me into the OLD window but I cannot right click and paste. Do you have any idea why? This is a laptop and it's the first time I've used one. There doesn't seem to be a "right click" function? Am I stupid?
Before we go on, I have found another problem. It's a Trojan--TR/Drop.Softomat AN
Thank you, Victoria

#5 vic350

vic350
  • Topic Starter

  • Members
  • 10 posts
  •  
  • Local time:03:03 PM

Posted 10 June 2010 - 06:00 PM

Here are the new logs. I didn't think anyone was going to answer my post and I might have made changes. I'm really sorry if I've caused you any problems but I wanted you to have the updated logs. I've never posted before and I didn't know how long to wait or how I'd be contacted. Again, please accept my apology.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason Hebel at 14:32:53.03 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.527 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\OA012Mon.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Jason Hebel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
mStart Page =
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-29 14248]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-1 60936]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-29 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-29 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-29 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-29 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-29 1684736]

=============== Created Last 30 ================

2010-06-01 10:30:18 98816 ----a-w- c:\windows\sed.exe
2010-06-01 10:30:18 77312 ----a-w- c:\windows\MBR.exe
2010-06-01 10:30:18 256512 ----a-w- c:\windows\PEV.exe
2010-06-01 10:30:18 161792 ----a-w- c:\windows\SWREG.exe
2010-06-01 00:14:36 0 ----a-w- c:\documents and settings\jason hebel\defogger_reenable
2010-05-31 20:17:09 0 d-----w- c:\docume~1\jasonh~1\applic~1\Malwarebytes
2010-05-31 20:16:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:16:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-31 20:16:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:16:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-01 11:35:15 1034 ----a-w- c:\docume~1\jasonh~1\applic~1\wklnhst.dat
2010-04-23 09:16:39 1381532 ----a-w- c:\program files\start_ups.exe
2010-04-23 08:50:57 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-04-16 19:27:58 22928168 ----a-w- c:\program files\SkypeSetupFull.exe
2010-04-09 08:01:34 262144 ----a-w- C:\ntuser.dat
2010-04-02 00:55:13 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-04-02 00:54:07 9228440 ----a-w- c:\program files\spf.exe
2010-04-01 23:55:17 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-02-03 06:24:24 135559885 ----a-w- c:\program files\openofficeorg1.cab
2010-02-03 06:23:38 10176512 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 22:13:18 290 ----a-w- c:\program files\setup.ini
2009-09-29 18:40:58 75 --sh--r- c:\windows\CT4CET.bin

============= FINISH: 14:33:49.96 ===============


#6 vic350

vic350
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 12 June 2010 - 11:15 AM

Ok, I was able to find a mouse for the laptop. Here are the 2 reports you asked for. Thanks again!

OTL logfile created on: 6/12/2010 8:46:52 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop


Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.88 Gb Free Space | 92.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
PRC - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 14:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA012Mon.exe
PRC - [2009/03/31 14:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 07:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/04 19:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/05/26 20:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 14:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 14:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 14:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/15 15:49:28 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/15 15:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 15:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 14:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 14:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 14:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 09:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/15 14:34:40 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/01/06 16:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 18:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/04/22 19:56:19 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 18:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 18:45:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yikezee
[2010/06/10 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Soko3008-Win32
[2010/06/10 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Gem Quest
[2010/06/10 16:14:15 | 005,380,490 | ---- | C] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\peazip_portable-3.1.WINDOWS
[2010/06/10 15:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Zipeg
[2010/06/10 15:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\com.zipeg
[2010/06/10 15:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zipeg
[2010/06/10 15:00:36 | 001,434,248 | ---- | C] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/03 19:18:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 12:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\My Documents\New Folder
[2010/06/01 03:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 03:30:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 03:30:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 03:30:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 03:26:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 18:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\gmer
[2010/05/31 13:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Malwarebytes
[2010/05/31 13:16:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 13:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 13:16:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 12:56:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 00:38:51 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/23 00:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/12 08:48:38 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\NTUSER.DAT
[2010/06/12 08:01:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/12 08:01:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 08:01:37 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 15:44:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason Hebel\ntuser.ini
[2010/06/11 15:44:38 | 009,247,452 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\IconCache.db
[2010/06/10 17:25:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:56 | 000,415,683 | ---- | M] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:12 | 000,674,502 | ---- | M] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 16:14:30 | 005,380,490 | ---- | M] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:23:09 | 000,003,227 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:13:16 | 006,839,681 | ---- | M] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 15:00:53 | 001,434,248 | ---- | M] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/10 13:48:06 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\HiJackThis.lnk
[2010/06/10 13:13:07 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/06/07 08:04:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/01 04:35:15 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Application Data\wklnhst.dat
[2010/06/01 03:41:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 17:37:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/05/31 17:18:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:14:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:44 | 003,701,740 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:56:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 12:54:30 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/31 00:39:06 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/27 00:29:41 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 00:18:37 | 000,003,791 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:35:08 | 000,490,185 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/05/23 04:33:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 17:25:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:51 | 000,415,683 | ---- | C] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:03 | 000,674,502 | ---- | C] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 15:23:09 | 000,003,227 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:12:58 | 006,839,681 | ---- | C] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 13:13:07 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/06/01 03:54:12 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 03:30:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 03:30:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 03:30:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 03:30:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 03:30:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/31 17:37:20 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/05/31 17:15:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:13:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:42 | 003,701,740 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:53:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/27 00:18:37 | 000,003,791 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:34:57 | 000,490,185 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/04/15 01:11:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 14:02:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/09/29 13:58:41 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/29 11:54:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/29 11:31:50 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009/09/29 11:30:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/29 11:30:44 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 18:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 06:37:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 06:37:49 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 06:37:49 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >

OTL Extras logfile created on: 6/12/2010 8:46:52 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.88 Gb Free Space | 92.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)
"Dell Webcam Central" = Dell Webcam Central
"Gem Quest_is1" = Gem Quest 1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yikezee" = Yikezee

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2010 8:56:17 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/4/2010 11:03:26 AM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/4/2010 12:56:58 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/7/2010 11:05:06 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/7/2010 11:05:06 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/7/2010 11:18:45 AM | Computer Name = MINILOVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2010 11:18:49 AM | Computer Name = MINILOVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2010 11:18:49 AM | Computer Name = MINILOVE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2010 11:18:58 AM | Computer Name = MINILOVE | Source = Application Hang | ID = 1002
Description = Hanging application mshearts.exe, version 5.1.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2010 9:08:46 PM | Computer Name = MINILOVE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 6/10/2010 3:57:30 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/10/2010 4:08:04 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/10/2010 4:08:06 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/10/2010 4:08:43 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/10/2010 4:08:43 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 6/10/2010 4:13:16 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/10/2010 4:19:32 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/10/2010 12:57:41 PM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 6/11/2010 12:57:10 AM | Computer Name = MINILOVE | Source = PSched | ID = 14103
Description = QoS [Adapter {6FB157C5-026C-401D-B678-0F0A2056AD77}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 6/12/2010 11:02:26 AM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 00000001, parameter2 00000000, parameter3
00000000, parameter4 a9148c4c.


< End of report >


#7 Tokek


Posted 13 June 2010 - 10:16 AM

Hello vic350,

I apologize for the delay in responding to your post; life has been hectic on my end the past week and will be so for the foreseeable future. I will try to be on the ball with the replies though.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
If it asks you, please install the Windows Recovery Console (internet connection required).
    When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


In your next reply, please include the following:
  • ComboFix.txt

If I have not replied back to your post in 3 days, please send me a PM.


#8 vic350


Posted 14 June 2010 - 06:28 AM

Tokek,
This is the correct Combofix log. Sorry.



ComboFix 10-06-13.04 - Jason Hebel 06/14/2010 3:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.602 [GMT -7:00]
Running from: c:\documents and settings\Jason Hebel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-11 00:25 . 2010-06-11 00:25 -------- d-----w- c:\program files\Yikezee
2010-06-11 00:24 . 2010-06-11 00:24 415683 ----a-w- c:\program files\install_yikezee.zip
2010-06-10 23:45 . 2010-06-10 23:45 -------- d-----w- c:\program files\Soko3008-Win32
2010-06-10 23:45 . 2010-06-10 23:45 674502 ----a-w- c:\program files\Soko3008-Win32.zip
2010-06-10 23:15 . 2010-06-10 23:15 -------- d-----w- c:\program files\Gem Quest
2010-06-10 23:14 . 2010-06-10 23:14 5380490 ----a-w- c:\program files\gemquest.exe
2010-06-10 22:18 . 2010-06-10 22:18 -------- d-----w- c:\program files\peazip_portable-3.1.WINDOWS
2010-06-10 22:12 . 2010-06-10 22:13 6839681 ----a-w- c:\program files\peazip_portable-3.1.WINDOWS.zip
2010-06-10 22:01 . 2010-06-10 22:13 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Zipeg
2010-06-10 22:01 . 2010-06-10 22:01 -------- d-----w- c:\documents and settings\Jason Hebel\Local Settings\Application Data\com.zipeg
2010-06-10 22:01 . 2010-06-10 22:14 -------- d-----w- c:\program files\Zipeg
2010-06-10 22:00 . 2010-06-10 22:00 1434248 ----a-w- c:\program files\zipeg-setup.exe
2010-05-31 20:17 . 2010-05-31 20:17 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Malwarebytes
2010-05-31 20:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:16 . 2010-05-31 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-31 20:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:16 . 2010-05-31 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 15:39 . 2010-05-24 15:39 503808 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\msvcp71.dll
2010-05-24 15:39 . 2010-05-24 15:39 499712 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\jmc.dll
2010-05-24 15:39 . 2010-05-24 15:39 348160 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 21:27 . 2009-09-29 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-01 11:35 . 2010-04-04 23:03 1034 ----a-w- c:\documents and settings\Jason Hebel\Application Data\wklnhst.dat
2010-05-23 11:37 . 2010-04-16 19:29 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Skype
2010-05-23 08:32 . 2010-04-16 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-16 07:09 . 2010-04-16 19:33 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\skypePM
2010-05-07 05:51 . 2010-04-16 19:56 1 ----a-w- c:\documents and settings\Jason Hebel\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-24 09:25 . 2010-04-16 19:29 -------- d-----w- c:\program files\Google
2010-04-23 10:33 . 2010-04-09 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-23 10:33 . 2010-04-09 07:53 -------- d-----w- c:\program files\Yahoo!
2010-04-23 10:33 . 2010-04-09 08:00 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Yahoo!
2010-04-23 09:16 . 2010-04-23 09:16 1381532 ----a-w- c:\program files\start_ups.exe
2010-04-23 08:51 . 2010-04-23 08:51 388096 ----a-r- c:\documents and settings\Jason Hebel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 08:51 . 2010-04-23 08:51 -------- d-----w- c:\program files\Trend Micro
2010-04-23 08:50 . 2010-04-23 08:50 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-04-17 09:43 . 2009-12-23 03:40 39392 ----a-w- c:\documents and settings\Jason Hebel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 19:56 . 2010-04-16 19:56 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\OpenOffice.org
2010-04-16 19:33 . 2010-04-16 19:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----r- c:\program files\Skype
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----w- c:\program files\Common Files\Skype
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 19:27 . 2010-04-16 19:27 22928168 ----a-w- c:\program files\SkypeSetupFull.exe
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\readmes
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\redist
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\licenses
2010-04-14 07:19 . 2010-04-12 11:19 79488 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 21:47 . 2010-03-28 22:22 142 ----a-w- c:\documents and settings\Angela Kramer\Application Data\wklnhst.dat
2010-04-13 16:23 . 2010-04-13 16:23 79488 ----a-w- c:\documents and settings\Angela Kramer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-09 08:01 . 2010-04-09 08:01 262144 ----a-w- C:\ntuser.dat
2010-04-02 00:55 . 2010-04-02 00:07 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-04-02 00:54 . 2010-04-02 00:53 9228440 ----a-w- c:\program files\spf.exe
2010-04-01 23:55 . 2010-04-01 23:55 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-03-28 22:22 . 2010-03-28 22:10 34000 ----a-w- c:\documents and settings\Angela Kramer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 06:24 . 2010-02-03 06:24 135559885 ----a-w- c:\program files\openofficeorg1.cab
2010-02-03 06:23 . 2010-02-03 06:23 10176512 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 22:13 . 2010-02-01 22:13 290 ----a-w- c:\program files\setup.ini
2009-09-29 18:40 . 2009-09-29 18:40 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-06-01_10.41.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-14 10:20 . 2010-06-14 10:20 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
- 2009-12-23 03:34 . 2010-06-01 08:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-23 03:34 . 2010-06-10 21:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-23 03:34 . 2010-06-10 21:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-23 03:34 . 2010-06-01 08:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-08 03:51 . 2010-06-10 21:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-04-08 03:51 . 2010-05-31 23:28 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-06-01 12:21 . 2010-06-10 21:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-07 23:16 . 2010-06-10 20:20 585080 c:\windows\Downloaded Installations\Autoruns\autorunsc.exe
+ 2010-06-07 23:16 . 2010-06-10 20:20 703352 c:\windows\Downloaded Installations\Autoruns\autoruns.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Jason Hebel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Jason Hebel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 09:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RTHDCPL"=RTHDCPL.EXE
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"Alcmtr"=ALCMTR.EXE
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/29/2009 11:31 AM 14248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/1/2010 4:56 PM 135336]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/29/2009 11:39 AM 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/29/2009 2:02 PM 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/29/2009 2:02 PM 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/29/2009 2:02 PM 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/29/2009 2:02 PM 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/29/2009 2:02 PM 1684736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page =
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 03:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-06-14 03:45:13
ComboFix-quarantined-files.txt 2010-06-14 10:45
ComboFix2.txt 2010-06-01 10:46

Pre-Run: 138,285,899,776 bytes free
Post-Run: 138,550,562,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F54D19D11F72AD50B211A3C4D0263669


#9 schrauber


Posted 17 June 2010 - 10:55 AM

Hello, vic350
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



I will work with you from now on; Tokek has a lot of work at the moment.


Please navigate to C:\Qoobox and post back with the content of Combofix2.txt. Also, please open OTL, set the extra registry tab to use safe list, hit the run scan button, and post back with the 2 logfiles.

How is the system running?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#10 vic350


Posted 21 June 2010 - 02:20 AM

Hi Tom,
Running the same as it was a few weeks ago, I'm sure that I've acquired a virus. Here are my scans.

ComboFix 10-05-30.09 - Jason Hebel 06/01/2010 3:34.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.684 [GMT -7:00]
Running from: c:\documents and settings\Jason Hebel\My Documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-05-31 20:17 . 2010-05-31 20:17 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Malwarebytes
2010-05-31 20:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 20:16 . 2010-05-31 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-31 20:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 20:16 . 2010-05-31 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 15:39 . 2010-05-24 15:39 503808 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\msvcp71.dll
2010-05-24 15:39 . 2010-05-24 15:39 499712 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\jmc.dll
2010-05-24 15:39 . 2010-05-24 15:39 348160 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-46c72697-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 11:37 . 2010-04-16 19:29 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Skype
2010-05-23 08:32 . 2010-04-16 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-16 07:09 . 2010-04-16 19:33 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\skypePM
2010-05-07 05:51 . 2010-04-16 19:56 1 ----a-w- c:\documents and settings\Jason Hebel\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-24 09:25 . 2010-04-16 19:29 -------- d-----w- c:\program files\Google
2010-04-23 10:33 . 2010-04-09 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-23 10:33 . 2010-04-09 07:53 -------- d-----w- c:\program files\Yahoo!
2010-04-23 10:33 . 2010-04-09 08:00 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Yahoo!
2010-04-23 09:16 . 2010-04-23 09:16 1381532 ----a-w- c:\program files\start_ups.exe
2010-04-23 08:51 . 2010-04-23 08:51 388096 ----a-r- c:\documents and settings\Jason Hebel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 08:51 . 2010-04-23 08:51 -------- d-----w- c:\program files\Trend Micro
2010-04-23 08:50 . 2010-04-23 08:50 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-04-17 09:43 . 2009-12-23 03:40 39392 ----a-w- c:\documents and settings\Jason Hebel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-16 19:56 . 2010-04-16 19:56 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\OpenOffice.org
2010-04-16 19:33 . 2010-04-16 19:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----r- c:\program files\Skype
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----w- c:\program files\Common Files\Skype
2010-04-16 19:28 . 2010-04-16 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-16 19:27 . 2010-04-16 19:27 22928168 ----a-w- c:\program files\SkypeSetupFull.exe
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\readmes
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\redist
2010-04-16 19:16 . 2010-04-16 19:16 -------- d-----w- c:\program files\licenses
2010-04-15 08:30 . 2010-04-04 23:03 1034 ----a-w- c:\documents and settings\Jason Hebel\Application Data\wklnhst.dat
2010-04-14 07:19 . 2010-04-12 11:19 79488 ----a-w- c:\documents and settings\Jason Hebel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 21:47 . 2010-03-28 22:22 142 ----a-w- c:\documents and settings\Angela Kramer\Application Data\wklnhst.dat
2010-04-13 21:47 . 2010-04-13 21:47 -------- d-----w- c:\documents and settings\Angela Kramer\Application Data\Windows Search
2010-04-13 16:23 . 2010-04-13 16:23 79488 ----a-w- c:\documents and settings\Angela Kramer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 16:17 . 2010-04-13 16:17 -------- d--h--r- c:\documents and settings\Angela Kramer\Application Data\yahoo!
2010-04-09 08:01 . 2010-04-09 08:01 262144 ----a-w- C:\ntuser.dat
2010-04-04 23:03 . 2010-04-04 23:03 -------- d-----w- c:\documents and settings\Jason Hebel\Application Data\Template
2010-04-02 12:54 . 2010-04-02 00:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-02 00:55 . 2010-04-02 00:07 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-04-02 00:54 . 2010-04-02 00:53 9228440 ----a-w- c:\program files\spf.exe
2010-04-01 23:55 . 2010-04-01 23:55 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-03-28 22:22 . 2010-03-28 22:10 34000 ----a-w- c:\documents and settings\Angela Kramer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 06:24 . 2010-02-03 06:24 135559885 ----a-w- c:\program files\openofficeorg1.cab
2010-02-03 06:23 . 2010-02-03 06:23 10176512 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 22:13 . 2010-02-01 22:13 290 ----a-w- c:\program files\setup.ini
2009-09-29 18:40 . 2009-09-29 18:40 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Jason Hebel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Jason Hebel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 09:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RTHDCPL"=RTHDCPL.EXE
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"Alcmtr"=ALCMTR.EXE
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/29/2009 11:31 AM 14248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/29/2009 2:02 PM 162816]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/1/2010 4:56 PM 135336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/29/2009 2:02 PM 1684736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/29/2009 11:39 AM 143840]
S3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/29/2009 2:02 PM 135168]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/29/2009 2:02 PM 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/29/2009 2:02 PM 272032]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page =
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 03:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-06-01 03:46:15
ComboFix-quarantined-files.txt 2010-06-01 10:46

Pre-Run: 139,497,095,168 bytes free
Post-Run: 139,672,449,024 bytes free

- - End Of File - - 9ECCF66F2604D704B3380365D8DD0D33



OTL logfile created on: 6/21/2010 12:07:28 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 577.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.77 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
PRC - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 14:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA012Mon.exe
PRC - [2009/03/31 14:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2009/02/23 07:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/04 19:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/05/26 20:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 14:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 14:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 14:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/15 15:49:28 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/15 15:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 15:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 14:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 14:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 14:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 09:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/15 14:34:40 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/01/06 16:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 18:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/04/22 19:56:19 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 18:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 17:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\PsTools
[2010/06/14 16:55:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/14 16:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Anders Kjersem
[2010/06/14 16:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/06/14 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Uniblue
[2010/06/14 03:58:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/14 03:32:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/10 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yikezee
[2010/06/10 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Soko3008-Win32
[2010/06/10 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Gem Quest
[2010/06/10 16:14:15 | 005,380,490 | ---- | C] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\peazip_portable-3.1.WINDOWS
[2010/06/10 15:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Zipeg
[2010/06/10 15:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\com.zipeg
[2010/06/10 15:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zipeg
[2010/06/10 15:00:36 | 001,434,248 | ---- | C] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/03 12:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\My Documents\New Folder
[2010/06/01 03:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 03:30:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 03:30:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 03:30:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 03:26:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 18:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\gmer
[2010/05/31 13:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Malwarebytes
[2010/05/31 13:16:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 13:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 13:16:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 12:56:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 00:38:51 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/23 00:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/20 20:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/20 20:17:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 20:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 20:17:12 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 19:01:13 | 009,956,854 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\IconCache.db
[2010/06/15 17:49:24 | 000,130,337 | ---- | M] () -- C:\getservices.zip
[2010/06/15 17:44:13 | 001,683,473 | ---- | M] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\services.rtf
[2010/06/15 16:57:52 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\NTUSER.DAT
[2010/06/15 16:11:15 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\HiJackThis.lnk
[2010/06/15 14:20:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason Hebel\ntuser.ini
[2010/06/14 17:11:04 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Application Data\wklnhst.dat
[2010/06/14 16:35:45 | 000,809,225 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/06/14 16:31:56 | 000,143,187 | ---- | M] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | M] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 04:04:18 | 000,003,320 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach2.zip
[2010/06/14 03:42:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/14 03:33:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/14 02:45:07 | 003,707,098 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:56 | 000,415,683 | ---- | M] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:12 | 000,674,502 | ---- | M] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 16:14:30 | 005,380,490 | ---- | M] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:23:09 | 000,003,227 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:13:16 | 006,839,681 | ---- | M] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 15:00:53 | 001,434,248 | ---- | M] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/10 13:13:07 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/05/31 17:18:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:14:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:44 | 003,701,740 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:56:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 12:54:30 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/31 00:39:06 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/27 00:29:41 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 00:18:37 | 000,003,791 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:35:08 | 000,490,185 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/05/23 04:33:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 17:49:43 | 000,053,820 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\getservice.txt
[2010/06/15 17:49:16 | 000,130,337 | ---- | C] () -- C:\getservices.zip
[2010/06/15 17:44:05 | 001,683,473 | ---- | C] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\services.rtf
[2010/06/14 16:31:49 | 000,143,187 | ---- | C] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | C] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 04:04:18 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach2.zip
[2010/06/14 03:33:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/14 03:32:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/14 02:45:05 | 003,707,098 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:51 | 000,415,683 | ---- | C] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:03 | 000,674,502 | ---- | C] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 15:23:09 | 000,003,227 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:12:58 | 006,839,681 | ---- | C] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 13:13:07 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/06/01 03:54:12 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 03:30:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 03:30:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 03:30:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 03:30:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 03:30:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/31 17:37:20 | 000,809,225 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/05/31 17:15:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:13:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:42 | 003,701,740 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:53:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/27 00:18:37 | 000,003,791 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:34:57 | 000,490,185 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/04/15 01:11:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 14:02:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/09/29 13:58:41 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/29 11:54:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/29 11:31:50 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009/09/29 11:30:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/29 11:30:44 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 18:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
< End of report >

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
PRC - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 14:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA012Mon.exe
PRC - [2009/03/31 14:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2009/02/23 07:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/04 19:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/05/26 20:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
MOD - [2009/05/24 20:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 14:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 14:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 14:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/15 15:49:28 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/15 15:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 15:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 14:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 14:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 14:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 09:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/15 14:34:40 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/01/06 16:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 18:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/04/22 19:56:19 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 18:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 17:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\PsTools
[2010/06/14 16:55:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/14 16:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Anders Kjersem
[2010/06/14 16:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/06/14 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Uniblue
[2010/06/14 03:58:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/14 03:32:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/10 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yikezee
[2010/06/10 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Soko3008-Win32
[2010/06/10 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Gem Quest
[2010/06/10 16:14:15 | 005,380,490 | ---- | C] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\peazip_portable-3.1.WINDOWS
[2010/06/10 15:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Zipeg
[2010/06/10 15:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\com.zipeg
[2010/06/10 15:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zipeg
[2010/06/10 15:00:36 | 001,434,248 | ---- | C] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/03 12:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\My Documents\New Folder
[2010/06/01 03:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 03:30:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 03:30:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 03:30:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 03:26:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 18:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\gmer
[2010/05/31 13:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Malwarebytes
[2010/05/31 13:16:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 13:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 13:16:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 12:56:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 00:38:51 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/23 00:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/20 20:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/20 20:17:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 20:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 20:17:12 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 19:01:13 | 009,956,854 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\IconCache.db
[2010/06/15 17:49:24 | 000,130,337 | ---- | M] () -- C:\getservices.zip
[2010/06/15 17:44:13 | 001,683,473 | ---- | M] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\services.rtf
[2010/06/15 16:57:52 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\NTUSER.DAT
[2010/06/15 16:11:15 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\HiJackThis.lnk
[2010/06/15 14:20:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason Hebel\ntuser.ini
[2010/06/14 17:11:04 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Application Data\wklnhst.dat
[2010/06/14 16:35:45 | 000,809,225 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/06/14 16:31:56 | 000,143,187 | ---- | M] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | M] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 04:04:18 | 000,003,320 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach2.zip
[2010/06/14 03:42:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/14 03:33:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/14 02:45:07 | 003,707,098 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:56 | 000,415,683 | ---- | M] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:12 | 000,674,502 | ---- | M] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 16:14:30 | 005,380,490 | ---- | M] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:23:09 | 000,003,227 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:13:16 | 006,839,681 | ---- | M] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 15:00:53 | 001,434,248 | ---- | M] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/10 13:13:07 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/05/31 17:18:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:14:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:44 | 003,701,740 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:56:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 12:54:30 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/31 00:39:06 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/27 00:29:41 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 00:18:37 | 000,003,791 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:35:08 | 000,490,185 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/05/23 04:33:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 17:49:43 | 000,053,820 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\getservice.txt
[2010/06/15 17:49:16 | 000,130,337 | ---- | C] () -- C:\getservices.zip
[2010/06/15 17:44:05 | 001,683,473 | ---- | C] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\services.rtf
[2010/06/14 16:31:49 | 000,143,187 | ---- | C] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | C] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 04:04:18 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach2.zip
[2010/06/14 03:33:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/14 03:32:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/14 02:45:05 | 003,707,098 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:51 | 000,415,683 | ---- | C] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:03 | 000,674,502 | ---- | C] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 15:23:09 | 000,003,227 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Attach1.zip
[2010/06/10 15:12:58 | 006,839,681 | ---- | C] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 13:13:07 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/06/01 03:54:12 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 03:30:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 03:30:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 03:30:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 03:30:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 03:30:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/31 17:37:20 | 000,809,225 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\gmer.zip
[2010/05/31 17:15:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:13:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:42 | 003,701,740 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:53:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/27 00:18:37 | 000,003,791 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/05/25 11:34:57 | 000,490,185 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cancercureddigests034to6upload.zip
[2010/04/15 01:11:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 14:02:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/09/29 13:58:41 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/29 11:54:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/29 11:31:50 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009/09/29 11:30:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/29 11:30:44 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 18:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

< End of report >

OTL Extras logfile created on: 6/21/2010 12:07:28 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 577.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.77 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)
"Dell Webcam Central" = Dell Webcam Central
"Gem Quest_is1" = Gem Quest 1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yikezee" = Yikezee

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2010 5:30:38 PM | Computer Name = MINILOVE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 5/31/2010 8:48:09 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 5/31/2010 9:07:14 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/1/2010 4:06:13 AM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/1/2010 4:19:09 AM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/1/2010 5:26:40 AM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/1/2010 6:57:45 AM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 6/1/2010 7:11:56 AM | Computer Name = MINILOVE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 6/1/2010 7:11:58 AM | Computer Name = MINILOVE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 6/2/2010 2:22:41 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

[ System Events ]
Error - 6/10/2010 4:13:16 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/10/2010 4:19:32 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/10/2010 12:57:41 PM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 6/11/2010 12:57:10 AM | Computer Name = MINILOVE | Source = PSched | ID = 14103
Description = QoS [Adapter {6FB157C5-026C-401D-B678-0F0A2056AD77}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 6/12/2010 11:02:26 AM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 00000001, parameter2 00000000, parameter3
00000000, parameter4 a9148c4c.

Error - 6/14/2010 6:33:46 AM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/14/2010 10:43:46 PM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e516b000, parameter2 00000000, parameter3
a8884c3e, parameter4 00000001.

Error - 6/15/2010 6:09:09 AM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 00028447, parameter3
00000001, parameter4 00000000.

Error - 6/15/2010 11:53:39 AM | Computer Name = MINILOVE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 8428b00c.

Error - 6/20/2010 11:17:46 PM | Computer Name = MINILOVE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 0C60764F3A2A has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >


#11 schrauber

Posted 22 June 2010 - 03:11 PM

Hi,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 vic350

Posted 22 June 2010 - 08:03 PM

Hi,
I did as you asked with Java. I downloaded the online scan and scanned my computer. It finished without finding any viruses, I'm surprised. For some reason I'm suspecting a "service" that starts when I start the computer. It could be "WindowsSearch" but I'm not sure. I have a list of quarantined items that Avira found, what should I do with the file?
What next? Thanks, Vickie

#13 vic350

Posted 23 June 2010 - 12:54 PM

Here is what Avira found:


Avira AntiVir Personal
Report file date: Tuesday, June 01, 2010 09:43
Scanning for 2177792 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MINILOVE

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c3dc269\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Deviating archive types.............: +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +JOKE,+PCK,+SPR,

Start of the scan: Tuesday, June 01, 2010 09:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mcshield.exe' - '1' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'BTMeter.exe' - '1' Module(s) have been scanned
Scan process 'CapsLKNotify.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WSED.exe' - '1' Module(s) have been scanned
Scan process 'OA012Mon.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'MskSrver.exe' - '1' Module(s) have been scanned
Scan process 'MPFSrv.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'McProxy.exe' - '1' Module(s) have been scanned
Scan process 'mcnasvc.exe' - '1' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP43\A0010669.exe'
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP43\A0010669.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '4de29865.qua'.


End of the scan: Tuesday, June 01, 2010 09:44
Used time: 00:27 Minute(s)

The scan has been done completely.

0 Scanned directories
45 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
44 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.




Avira AntiVir Personal
Report file date: Friday, May 28, 2010 02:48
Scanning for 2168100 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Jason Hebel
Computer name : MINILOVE

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 30
Smart extensions....................: on
Deviating archive types.............: +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +JOKE,+PCK,+SPR,

Start of the scan: Friday, May 28, 2010 02:48

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-2595322204-109755293-3362071032-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore\time
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '88' Module(s) have been scanned
Scan process 'WORDPAD.EXE' - '31' Module(s) have been scanned
Scan process 'wltuser.exe' - '47' Module(s) have been scanned
Scan process 'iexplore.exe' - '131' Module(s) have been scanned
Scan process 'iexplore.exe' - '75' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '48' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '65' Module(s) have been scanned
Scan process 'msmsgs.exe' - '42' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '34' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '57' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'CapsLKNotify.exe' - '21' Module(s) have been scanned
Scan process 'BTMeter.exe' - '23' Module(s) have been scanned
Scan process 'WSED.exe' - '28' Module(s) have been scanned
Scan process 'WLTRAY.exe' - '45' Module(s) have been scanned
Scan process 'jusched.exe' - '28' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '23' Module(s) have been scanned
Scan process 'OA012Mon.exe' - '28' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
Scan process 'igfxtray.exe' - '27' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned
Scan process 'mcagent.exe' - '74' Module(s) have been scanned
Scan process 'Explorer.EXE' - '122' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '55' Module(s) have been scanned
Scan process 'SeaPort.exe' - '55' Module(s) have been scanned
Scan process 'MskSrver.exe' - '54' Module(s) have been scanned
Scan process 'MPFSrv.exe' - '68' Module(s) have been scanned
Scan process 'mcshield.exe' - '73' Module(s) have been scanned
Scan process 'McProxy.exe' - '58' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'mcnasvc.exe' - '104' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '105' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '53' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '11' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '439' files ).


Starting the file scan:

Begin scan in 'C:' <OS>
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\28P0QJB4\ads[10].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\28P0QJB4\ads[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\C2GO8ZUJ\ads[2].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\C2GO8ZUJ\ads[4].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\FSQ0YYKM\adsCA10VI53.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\FSQ0YYKM\ads[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\HBNHA0MC\ads[8].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\L3TVZ1MI\adsCAMPCPFC.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\MHS03X32\ads[10].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\PX6HHMK1\ads[5].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\QV2DS5LE\adsCAB65SY1.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\UFI1GL6F\adsCAITWWWU.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\UFI1GL6F\ads[5].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\X2JS4VOS\ads[3].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Beginning disinfection:
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\X2JS4VOS\ads[3].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '46e6710c.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\UFI1GL6F\ads[5].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5e715eab.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\UFI1GL6F\adsCAITWWWU.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '0c2e0444.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\QV2DS5LE\adsCAB65SY1.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '6a194b86.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\PX6HHMK1\ads[5].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[WARNING] The file could not be copied to quarantine!
[WARNING] The file does not exist!
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\MHS03X32\ads[10].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '508654e6.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\L3TVZ1MI\adsCAMPCPFC.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '1c3e78ac.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\HBNHA0MC\ads[8].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '602638fc.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\FSQ0YYKM\ads[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4d7c17b1.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\FSQ0YYKM\adsCA10VI53.htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '54142c2b.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\C2GO8ZUJ\ads[4].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '3848001b.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\C2GO8ZUJ\ads[2].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '49f1398e.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\28P0QJB4\ads[6].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '47eb0949.qua'.
C:\Documents and Settings\Jason Hebel\Local Settings\Temporary Internet Files\Content.IE5\28P0QJB4\ads[10].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '02c2700b.qua'.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: Friday, May 28, 2010 11:00
Used time: 1:02:00 Hour(s)

The scan has been done completely.

5767 Scanned directories
289308 Files were scanned
14 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
289294 Files not concerned
11452 Archives were scanned
1 Warnings
14 Notes
431520 Objects were scanned with rootkit scan
2 Hidden objects were found



#14 schrauber

Posted 25 June 2010 - 12:06 PM

These were temp-files and entries in system restore.

Please post back with a fresh OTL logfile and tell me how the system is running.
regards,
schrauber


#15 vic350

Posted 25 June 2010 - 05:23 PM

What should I do with them? Delete the items in quarantine, or leave them alone? My computer is still not able to bring up web pages quickly; it seems to get stuck and I have to shut down and restart. Also, when I'm not doing anything to use much memory, I look at Task Manager and a service called "WindowsSearch.exe" is using up all the memory. I don't recall seeing this service before?
Here are my OTL logs. Thanks so much for your expertise! Vickie

OTL logfile created on: 6/25/2010 2:35:31 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.56 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
PRC - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/11 14:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA012Mon.exe
PRC - [2009/03/31 14:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 07:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/04 19:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/05/26 20:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 12:30:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/04 14:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 14:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 14:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 14:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/15 15:49:28 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/15 15:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 15:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 14:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 14:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 14:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 09:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/15 14:34:40 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/01/06 16:53:14 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 18:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/04/22 19:56:19 | 000,392,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 18:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 18:45:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/24 10:48:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/22 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/22 15:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/22 15:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/22 15:57:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/22 15:57:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/22 15:57:56 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/22 15:57:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/22 15:57:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/22 15:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/22 15:50:38 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jason Hebel\Desktop\jre-6u20-windows-i586.exe
[2010/06/21 11:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\gmer log
[2010/06/21 11:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\combofx
[2010/06/21 11:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\DDS
[2010/06/21 11:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\ole
[2010/06/15 17:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\PsTools
[2010/06/14 16:55:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/14 16:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Anders Kjersem
[2010/06/14 16:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/06/14 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Uniblue
[2010/06/14 03:58:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/14 03:32:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/10 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yikezee
[2010/06/10 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Soko3008-Win32
[2010/06/10 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Gem Quest
[2010/06/10 16:14:15 | 005,380,490 | ---- | C] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\peazip_portable-3.1.WINDOWS
[2010/06/10 15:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Zipeg
[2010/06/10 15:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\com.zipeg
[2010/06/10 15:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zipeg
[2010/06/10 15:00:36 | 001,434,248 | ---- | C] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/03 12:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\My Documents\New Folder
[2010/06/01 03:30:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 03:30:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 03:30:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 03:30:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 03:26:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 18:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Desktop\gmer
[2010/05/31 13:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Hebel\Application Data\Malwarebytes
[2010/05/31 13:16:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 13:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 13:16:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 12:56:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 00:38:51 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/25 14:28:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 14:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/25 14:28:02 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/25 11:29:46 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\NTUSER.DAT
[2010/06/25 11:29:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason Hebel\ntuser.ini
[2010/06/25 11:29:29 | 009,941,198 | -H-- | M] () -- C:\Documents and Settings\Jason Hebel\Local Settings\Application Data\IconCache.db
[2010/06/25 02:44:35 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Microsoft Works Spreadsheet.lnk
[2010/06/25 02:44:02 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Microsoft Works Word Processor.lnk
[2010/06/25 02:43:36 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Microsoft Works Calendar.lnk
[2010/06/23 11:59:46 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\HiJackThis.lnk
[2010/06/23 10:56:23 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Avira AntiVir Personal Profile Scan for Rootkits and active malware.LNK
[2010/06/22 15:57:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/22 15:57:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/22 15:57:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/22 15:57:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/22 15:57:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/22 15:50:38 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jason Hebel\Desktop\jre-6u20-windows-i586.exe
[2010/06/20 20:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 17:49:24 | 000,130,337 | ---- | M] () -- C:\getservices.zip
[2010/06/15 17:44:13 | 001,683,473 | ---- | M] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\services.rtf
[2010/06/14 17:11:04 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Application Data\wklnhst.dat
[2010/06/14 16:31:56 | 000,143,187 | ---- | M] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | M] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 03:42:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/14 03:33:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/14 02:45:07 | 003,707,098 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:56 | 000,415,683 | ---- | M] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:12 | 000,674,502 | ---- | M] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 16:14:30 | 005,380,490 | ---- | M] (Drake Games ) -- C:\Program Files\gemquest.exe
[2010/06/10 15:27:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Hebel\Desktop\OTL.exe
[2010/06/10 15:13:16 | 006,839,681 | ---- | M] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 15:00:53 | 001,434,248 | ---- | M] (www.zipeg.com) -- C:\Program Files\zipeg-setup.exe
[2010/06/10 13:13:07 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/05/31 17:18:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:14:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:44 | 003,701,740 | R--- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:56:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason Hebel\My Documents\mbam-setup-1.46.exe
[2010/05/31 12:54:30 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/31 00:39:06 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Hebel\My Documents\HousecallLauncher.exe
[2010/05/27 00:29:41 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 00:18:37 | 000,003,791 | ---- | M] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 10:56:23 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Avira AntiVir Personal Profile Scan for Rootkits and active malware.LNK
[2010/06/15 17:49:43 | 000,053,820 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\getservice.txt
[2010/06/15 17:49:16 | 000,130,337 | ---- | C] () -- C:\getservices.zip
[2010/06/15 17:44:05 | 001,683,473 | ---- | C] () -- C:\Program Files\PsTools.zip
[2010/06/15 17:11:09 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\services.rtf
[2010/06/14 16:31:49 | 000,143,187 | ---- | C] () -- C:\Program Files\zoom_setup.exe
[2010/06/14 16:13:57 | 041,524,736 | ---- | C] () -- C:\Program Files\zaSetup_92_044_000_en.exe
[2010/06/14 03:33:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/14 03:32:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/14 02:45:05 | 003,707,098 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\ComboFix.exe
[2010/06/10 17:25:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Yikezee by PixelKick Software.lnk
[2010/06/10 17:24:51 | 000,415,683 | ---- | C] () -- C:\Program Files\install_yikezee.zip
[2010/06/10 16:45:03 | 000,674,502 | ---- | C] () -- C:\Program Files\Soko3008-Win32.zip
[2010/06/10 16:15:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Gem Quest.lnk
[2010/06/10 15:12:58 | 006,839,681 | ---- | C] () -- C:\Program Files\peazip_portable-3.1.WINDOWS.zip
[2010/06/10 13:13:07 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl8.rtf
[2010/06/10 11:56:30 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl5.rtf
[2010/06/10 11:56:18 | 000,006,923 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl4.rtf
[2010/06/10 11:56:00 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl3.rtf
[2010/06/10 11:55:26 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl1.rtf
[2010/06/10 11:38:43 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\cl.rtf
[2010/06/08 21:37:46 | 000,019,792 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\trend.rtf
[2010/06/01 03:54:12 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 03:30:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 03:30:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 03:30:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 03:30:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 03:30:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/31 17:15:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\dds.scr
[2010/05/31 17:14:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\defogger_reenable
[2010/05/31 17:13:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\Desktop\Defogger.exe
[2010/05/31 13:14:42 | 003,701,740 | R--- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\ComboFix.exe
[2010/05/31 12:53:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\rkill.exe
[2010/05/27 00:18:37 | 000,003,791 | ---- | C] () -- C:\Documents and Settings\Jason Hebel\My Documents\Document.rtf
[2010/04/15 01:11:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 14:02:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/09/29 13:58:41 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/29 11:54:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/29 11:31:50 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009/09/29 11:30:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/29 11:30:44 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 18:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 06:37:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 06:37:49 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 06:37:49 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< >

< End of report >



OTL Extras logfile created on: 6/25/2010 2:35:31 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jason Hebel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 128.56 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINILOVE
Current User Name: Jason Hebel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Gem Quest_is1" = Gem Quest 1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yikezee" = Yikezee

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2010 12:49:01 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/31/2010 12:49:01 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/31/2010 12:49:01 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/31/2010 12:49:02 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/31/2010 12:49:02 AM | Computer Name = MINILOVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/31/2010 3:35:55 AM | Computer Name = MINILOVE | Source = Application Hang | ID = 1002
Description = Hanging application avscan.exe, version 10.0.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2010 5:30:38 PM | Computer Name = MINILOVE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 5/31/2010 5:30:38 PM | Computer Name = MINILOVE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 5/31/2010 8:48:09 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

Error - 5/31/2010 9:07:14 PM | Computer Name = MINILOVE | Source = McLogEvent | ID = 5051
Description =

[ System Events ]
Error - 6/22/2010 6:55:11 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:11 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:11 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:11 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:12 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:12 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:12 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 6:55:12 PM | Computer Name = MINILOVE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/23/2010 12:07:33 PM | Computer Name = MINILOVE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.8 for the Network Card with network
address 0C60764F3A2A has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/24/2010 2:09:57 AM | Computer Name = MINILOVE | Source = DCOM | ID = 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.


< End of report >







