Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis [ 1 attachment]


  • This topic is locked This topic is locked
30 replies to this topic

#1 bbqchick

bbqchick

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 18 July 2010 - 05:39 PM

i don't know much about computers;besides how to turn them on and off. i need a hijackthis log decifered for me. what am i supposed to keep or get rid of from the log?

Attached Files


be good to each other

BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 25 July 2010 - 12:15 PM

Hi bbqchick,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 29 July 2010 - 01:22 AM

ATTN:mpascal
My teenager helped with the copy and pasting. I hope it all arrived. Good luck with this. Thank you for your help.
Please use small words, my teenager wants to abandon me.
sincerely,
bbqchick
------------------MALWARE BYTE--------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4364

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 12:04:59 AM
mbam-log-2010-07-29 (00-04-59).txt

Scan type: Quick scan
Objects scanned: 139547
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------GMER-------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 01:34:05
Windows 5.1.2600 Service Pack 3
Running: 5b4cu60b.exe; Driver: C:\DOCUME~1\Home\LOCALS~1\Temp\aglyqaoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73900B0]
SSDT sptd.sys ZwEnumerateKey [0xF739584C]
SSDT sptd.sys ZwEnumerateValueKey [0xF7395BEC]
SSDT sptd.sys ZwOpenKey [0xF7390090]
SSDT sptd.sys ZwQueryKey [0xF7395CC4]
SSDT sptd.sys ZwQueryValueKey [0xF7395B44]
SSDT sptd.sys ZwSetValueKey [0xF7395D56]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4FD2620]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6B7E8AC 5 Bytes JMP 84DCB1B8
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF751FB8D]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7847300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1620] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 00C21102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F73A4580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73A452C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BEAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73A4580] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7390ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7390C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7390B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F739172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7391604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A3B9A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F251D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C03C49A8-B7E2-4E19-BE42-BD41EF9682D9} 84CD11D8
Device \Driver\usbohci \Device\USBPDO-0 84E341D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 84EB71D8
Device \Driver\dmio \Device\DmControl\DmConfig 84EB71D8
Device \Driver\dmio \Device\DmControl\DmPnP 84EB71D8
Device \Driver\dmio \Device\DmControl\DmInfo 84EB71D8
Device \Driver\usbohci \Device\USBPDO-1 84E341D8
Device \Driver\usbehci \Device\USBPDO-2 84E2D4B8
Device \Driver\usbstor \Device\00000070 84CDC880
Device \Driver\Ftdisk \Device\HarddiskVolume1 84F271D8
Device \Driver\usbstor \Device\00000071 84CDC880
Device \Driver\Cdrom \Device\CdRom0 84D741D8
Device \Driver\usbstor \Device\00000072 84CDC880
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72E4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72E4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72E4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72E4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000073 84CDC880
Device \Driver\NetBT \Device\NetBt_Wins_Export 84CD11D8
Device \Driver\NetBT \Device\NetbiosSmb 84CD11D8
Device \Driver\usbohci \Device\USBFDO-0 84E341D8
Device \Driver\usbohci \Device\USBFDO-1 84E341D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84D2F1D8
Device \Driver\usbehci \Device\USBFDO-2 84E2D4B8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84D2F1D8
Device \Driver\usbstor \Device\0000006f 84CDC880
Device \Driver\Ftdisk \Device\FtControl 84F271D8
Device \FileSystem\Cdfs \Cdfs 84C481D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 123408498
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1426436599

---- EOF - GMER 1.0.15 ----


-----------OTLISISTIT--------------------
OTL logfile created on: 7/29/2010 1:56:25 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Home\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 24.61 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY_PC_05_2007
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
PRC - C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
PRC - C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Home\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (iWinGamesInstaller) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)


========== Driver Services (SafeList) ==========

DRV - (Sunkfiltp) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PTDLWWAN) -- C:\WINDOWS\system32\drivers\PTDLWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDLVsp) -- C:\WINDOWS\system32\drivers\PTDLVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDLMdm) -- C:\WINDOWS\system32\drivers\PTDLMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDLBus) -- C:\WINDOWS\system32\drivers\PTDLBus.sys (DEVGURU Co,LTD.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co,LTD.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (SunkFilt39) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys (Alcor Micro Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80230
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/06/10 20:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/05/03 11:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/15 01:25:55 | 000,412,092 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14242 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\Home\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O4 - Startup: C:\Documents and Settings\Home\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Home\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://us.st12.yimg.com/us.st.yimg.com/I/t...e_2023_18296014
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/25 23:34:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{466d4d9b-a9e5-11dd-9d03-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{466d4d9b-a9e5-11dd-9d03-7a8020000200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{466d4d9b-a9e5-11dd-9d03-7a8020000200}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{51cbca7a-e4cf-11dd-9d43-0040ca23d856}\Shell - "" = AutoRun
O33 - MountPoints2\{51cbca7a-e4cf-11dd-9d43-0040ca23d856}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51cbca7a-e4cf-11dd-9d43-0040ca23d856}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{baaf98ea-9020-11dd-ba13-0040ca23d856}\Shell - "" = AutoRun
O33 - MountPoints2\{baaf98ea-9020-11dd-ba13-0040ca23d856}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baaf98ea-9020-11dd-ba13-0040ca23d856}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7238210-e409-11dd-9d3f-0040ca23d856}\Shell - "" = AutoRun
O33 - MountPoints2\{d7238210-e409-11dd-9d3f-0040ca23d856}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d7238210-e409-11dd-9d3f-0040ca23d856}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/29 00:28:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home\Recent
[2010/07/28 06:04:34 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\My Documents\OTL.exe
[2010/07/24 11:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\AVG9
[2010/07/20 23:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\SUPERAntiSpyware.com
[2010/07/20 23:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/20 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/20 18:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/20 18:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Office Genuine Advantage
[2010/07/19 06:43:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/19 06:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/18 16:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/18 15:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Malwarebytes
[2010/07/18 15:01:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 15:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/18 15:01:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 15:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 03:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\FixItCenter
[2010/07/15 12:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/07/15 12:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/07/15 12:22:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/15 07:44:15 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/07/15 07:44:15 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/07/15 07:44:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/07/15 07:43:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/07/15 07:43:53 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/07/15 06:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/15 06:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/15 06:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/15 06:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/15 04:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/15 04:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/15 04:22:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/07/15 03:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/15 03:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/15 01:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/14 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/14 18:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/14 06:09:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Home\IECompatCache
[2010/07/13 17:59:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/08 09:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\HP
[2010/07/01 03:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 03:34:24 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/01 03:34:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/01 03:34:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/01 03:34:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\Home\*.tmp files -> C:\Documents and Settings\Home\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 01:44:33 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Home\default.pls
[2010/07/29 01:43:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/29 01:34:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 00:28:55 | 000,001,893 | ---- | M] () -- C:\Documents and Settings\Home\Start Menu\Programs\Startup\VZAccess Manager.lnk
[2010/07/29 00:27:43 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/29 00:24:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/29 00:23:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/29 00:23:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/29 00:22:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/29 00:22:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 00:22:12 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT
[2010/07/29 00:21:18 | 002,643,288 | -H-- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\IconCache.db
[2010/07/28 06:10:56 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\5b4cu60b.lnk
[2010/07/28 06:10:32 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\OTL.lnk
[2010/07/28 06:04:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\My Documents\OTL.exe
[2010/07/28 05:55:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\5b4cu60b.exe
[2010/07/27 15:58:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/27 15:58:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/27 14:14:41 | 000,002,211 | ---- | M] () -- C:\Documents and Settings\Home\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2010/07/22 04:06:13 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\WeatherBug (2).lnk
[2010/07/22 01:47:26 | 000,000,065 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/20 23:37:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/18 16:58:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\HijackThis.lnk
[2010/07/18 15:01:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 03:29:01 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spider Solitaire.lnk
[2010/07/15 12:26:37 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/07/15 12:13:25 | 000,111,184 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 06:09:46 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/15 06:09:46 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/15 06:09:45 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/15 06:00:14 | 000,950,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/15 04:33:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/15 01:25:55 | 000,412,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/14 20:27:25 | 000,000,439 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/14 18:35:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/14 18:35:56 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/07/08 09:21:21 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 03:33:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/01 03:33:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/01 03:33:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/01 03:33:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/01 03:33:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\Home\*.tmp files -> C:\Documents and Settings\Home\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/28 06:10:56 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\5b4cu60b.lnk
[2010/07/28 06:10:32 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\OTL.lnk
[2010/07/28 05:55:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\5b4cu60b.exe
[2010/07/27 15:58:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/27 15:58:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/22 04:06:13 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\WeatherBug (2).lnk
[2010/07/20 23:37:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/18 16:57:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\HijackThis.lnk
[2010/07/18 15:01:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/15 12:26:36 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/07/15 03:30:10 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/14 20:27:23 | 000,000,439 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/14 18:35:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/14 18:35:56 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/06 19:55:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/07/28 22:37:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2008/04/28 18:48:15 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2008/02/22 21:44:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/26 21:35:54 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2008/01/26 21:35:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2008/01/26 20:23:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/25 23:51:43 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/25 23:46:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/25 23:40:58 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/25 23:40:58 | 000,654,848 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/01/25 23:40:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/25 23:40:57 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/25 23:40:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/25 23:40:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/10 23:11:36 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/08 11:35:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/25 23:34:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/26 21:36:03 | 011,473,006 | ---- | M] () -- C:\BellSouthIW.re~
[2008/01/25 23:28:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/01/25 23:34:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/31 13:31:02 | 000,078,184 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2008/01/25 23:34:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 21:11:58 | 000,000,387 | ---- | M] () -- C:\lxct.log
[2008/01/25 23:34:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/15 04:33:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/29 00:22:48 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/01/25 23:33:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/17 19:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/25 18:22:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/25 18:22:43 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/25 18:22:43 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-16 07:03:18
< End of report >



-----------EXTRAS----------------
OTL Extras logfile created on: 7/29/2010 1:56:25 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Home\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 24.61 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY_PC_05_2007
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"86:TCP" = 86:TCP:*:Enabled:BroadCam Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- File not found
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{6661C844-F72D-44ED-823A-24862F2D1650}" = Print Artist Craft & Party Maker
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6C0EFE71-B047-45DF-92EB-51E1741B0F80}" = Compression Bin
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7CDA437D-FB09-4E7D-932D-2FB045AC5C2D}" = ArcSoft PhotoImpression
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A484D9E8-166E-41B0-8F5E-4C3965D2DE84}" = ArcSoft Software Suite
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB9B16B0-442F-46c6-92EF-8E7F30A66F92}" = PANTECH UM175AL Driver
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBD9A954-6C1A-4E9F-A098-C98653035381}" = PrintMaster Platinum 18
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bookworm Deluxe 1.03" = Bookworm Deluxe 1.03
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CToolbar_UNINSTALL" = Crawler Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"iWinArcade" = iWin Games (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest 2" = Jewel Quest 2 (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.01
"LimeWire" = LimeWire 5.5.8
"Mahjong Match" = Mahjong Match
"Mahjong Quest 2" = Mahjong Quest 2 (remove only)
"Mahjongg Empire" = Mahjongg Empire
"MahJongg Game of Four Winds" = MahJongg Game of Four Winds
"MahJongg Master 3" = MahJongg Master 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moraff's_Maximum_Mahjongg_1.0" = Moraff's Maximum MahJongg 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"nLite_is1" = nLite 1.3.5
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Pinball" = Pinball
"Rahjongg The Curse of Ra" = Rahjongg The Curse of Ra
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Ultimate Mahjongg" = Ultimate Mahjongg
"UltraISO_is1" = UltraISO Premium V8.62
"USSF" = Universal Silent Switch Finder
"Vista Ultimate Edition final_is1" = Vista Ultimate Edition final v1.0
"VZAccess Manager" = VZAccess Manager
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2010 6:34:14 AM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 7:34:14 AM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 8:34:14 AM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 9:34:14 AM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 10:34:14 AM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 1:34:18 PM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 2:34:21 PM | Computer Name = MY_PC_05_2007 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 4:23:35 PM | Computer Name = MY_PC_05_2007 | Source = ESENT | ID = 490
Description = svchost (1392) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/27/2010 4:23:36 PM | Computer Name = MY_PC_05_2007 | Source = ESENT | ID = 490
Description = svchost (1392) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/27/2010 4:23:37 PM | Computer Name = MY_PC_05_2007 | Source = ESENT | ID = 470
Description = Catalog Database (1392) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

[ System Events ]
Error - 7/14/2010 11:48:20 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 7/14/2010 11:50:25 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 7/14/2010 11:50:26 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 7/15/2010 6:03:33 AM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/15/2010 11:06:54 AM | Computer Name = MY_PC_05_2007 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 7/15/2010 2:38:10 PM | Computer Name = MY_PC_05_2007 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 7/15/2010 10:32:39 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/15/2010 10:33:15 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 7/15/2010 10:33:15 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 7/15/2010 10:33:18 PM | Computer Name = MY_PC_05_2007 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >





be good to each other

#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 29 July 2010 - 02:02 PM

Hi there,

Yep, exactly what I needed. smile.gif

Be sure to ask me if you have any questions about what to do here.

STEP 1 - Add / Remove Programs

Go to Start -> Control Panel -> Add / Remove Programs and remove the following:
  • Crawler Toolbar

STEP 2 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 3 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 4 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 5 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 30 July 2010 - 08:46 PM

i'm sorry for the delay. kaspersky is giving me grief. it gets to 97% or 98% complete and stops. it had a statement about disabling the pop-up blocker,i did. i'm checking the instructions before trying again. bbqchick
be good to each other

#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 30 July 2010 - 10:20 PM

Hi there,

Okay, if it gives you grief again let me know and we'll give you something else to do. smile.gif

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 31 July 2010 - 12:12 PM

i ready for the next program. i ran karpersky several times and it never completed. at 97%, it would state that there was 1 infection, but i couldn't get it to display what the infection was. here is the mbam log. maybe the next one will work and we can finish this thing. i haven't told you, but i am ready to go to the other forums to have my other questions answered. i really want to know at what point do you pick up a nasty little problem and some other questions. i'm staying focused on this until it is done. thanks for all your help. bbqchick


----------mbam2--------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4368

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/2010 1:42:18 AM
mbam-log-2010-07-30 (01-42-18).txt

Scan type: Quick scan
Objects scanned: 136610
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

be good to each other

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 31 July 2010 - 12:48 PM

Hi there,

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 31 July 2010 - 11:06 PM

i just wanted to double check, so i ran eset a second time[iwas slightly distracted the first time]. it said that there were no infections found. it did not give me a report to copy. nothing was said about turning off the firewall, teatimer or pop-up blocker, should i have turned them off? have we gotten rid of the nasties? could you tell where they came from[limewire, or some other site]? i would like to know the source because if it came from the music files, do i need to delete them or are they safe now that we have done these tests? did i really have a problem? this is the main question and very important. i was surfing the web, at a couple of sites, right below the toolbar was a note[ this site wants to install microsoft dynamic editing control html]. i looked at microsoft's site[i try to go to the source for downloads] and noticed that the dynamic editing control name did not match the description[ they talked about security]. i called the 800 number for clarity. the man said that was a trick and someone was trying to hijack my computer. he wanted to sell me a subscription and remotely fix my computer. he also said that my computer would probably crash in 2 days. i didn't even run my mouse over the note, he said it didn't matter. through his scare tactics and my sisters good advice i found you. did i worry for nothing? sorry, in my first note, i warned i had a book and i have been trying hard to deal with one issue at at time. if you want to stick with the eset test, that's fine, but this is my next topic. yes , i have even more questions. thanks once again for your help. bbqchick
be good to each other

#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 31 July 2010 - 11:51 PM

Hi there,

I'll try and answer your questions to the best of my ability. If I happen to miss one, let me know and I'll get it next post. If ESET found nothing, then from what I can see you don't have any problems. We will do one or two more scans to make sure, but for now I'm just going to answer your questions.

QUOTE
could you tell where they came from[limewire, or some other site]?

The most common places are peer-to-peer (P2P) programs such as limewire or bittorrent, and certain websites with malicious code. There are other ways (such as email), but the previous two are the most common.

QUOTE
do i need to delete them or are they safe now that we have done these tests?

I don't think you need to delete any other files, but we're not quite done yet so there still might be something to delete.

QUOTE
did i really have a problem?

We didn't really get rid of anything too major, the stuff we removed was just "adware".

QUOTE
did i worry for nothing?

No, certainly not. Was the man you talked to overreacting? Yes, definitely. We're you right to be worried? Certainly. He wanted to sell you a subscription, so I'd say he was going on scare tactics. There is definitely nothing that will "crash your computer in 2 days".

As for the Microsoft Dynamic Editing Control, what kind of websites were you visiting?

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 01 August 2010 - 03:13 PM

i had heard that you could watch t.v. on your computer. so i was trying to find out if this was true[any t.v.? how would that work? would it look like t.v. or the internet?]. i don't remember the first site[ or if it was t.v. related], but the last site was from vureel[ you go to blinky.com and they give you a choice of places to watch]. i was hoping to see if there was some way i could connect my t.v. to the internet and get rid of my satellite[they had raised their prices]. how can you tell if a site is good before you decide to go there? by that i mean, it won't infect you and is legitimate. one site gave a list of places to watch movies, i picked one and a notice from the goverment stated that it had seized that site for piracy. i leave those places [most of the time] that want to install toolbars[and their friends] or do surveys. will this ever be easy? can we make sites put icons in their addresses so we will know before we decide to pick them [a heart for free sites, a dollar sign for paid sites and a question mark for bad sites]? your answers have given me some peace of mind. i thought that the problems were minor and he tried to scare me[ i never saw offers for hp or dell products]. at what point do you get a nasty? when you click on the address? when you arrive at the site? when you move your mouse across the page? thank you! sincerely, bbqchick

Edited by bbqchick, 01 August 2010 - 07:48 PM.

be good to each other

#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 02 August 2010 - 12:14 AM

Hi there,

QUOTE
any t.v.? how would that work? would it look like t.v. or the internet?


Well, not any TV. It's only legal on a limited number of sites - usually only the sites of the stations themselves. There are only a select few sites that allow you to watch TV shows legally. I've never really done it myself, but I imagine the quality isn't quite as good.

QUOTE
how can you tell if a site is good before you decide to go there?

It's hard to tell, but if it's legal then it's probably good. The only site I really know about is hulu (you can look it up) since I'm not from the states, I don't really have the same luxuries (most of the stuff is blocked outside of the United States region).

QUOTE
will this ever be easy?

I'm not really familiar with watching TV online, but if you want to watch live TV it might be difficult. You should probably ask around other sources about this (actually you could probably search around the forums here and find a few things regarding online TV, I'll take a look when I get some time).

QUOTE
can we make sites put icons in their addresses so we will know before we decide to pick them

You would probably have to search around for some third party software that does this type of thing, but I highly doubt there is something like that around.

QUOTE
at what point do you get a nasty?

As soon as the page starts loading (so right after you click on the link) would be the quickest you could get infected.



Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#13 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 02 August 2010 - 04:46 AM

when i asked "will this ever be easy?", i meant about finding safe sites in general. when you look for something on the web and the list of choices pops up, how do you pick one to visit? if you pick wrong, what's your warning sign to leave? do you just have a certain day that you run clean up programs? i have been to hulu several times and try to stick with the main stations web pages[usa, syfy, etc.]. but i'll look for other sources when the page fails to load or this thing called "buffering" plays for 2 seconds then the little circle goes around for 25 seconds. why do videos buffer when web sites don't? some web pages have active things on them[ like these emoticons or the little videos in the small boxes].sorry, i could go on and on with all these questions. i'm so glad that you answered my call for help. i'll try to hold this "book" in a little longer. thank you, bbqchick
be good to each other

#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:36 AM

Posted 03 August 2010 - 03:41 PM

Hi there,

QUOTE
i meant about finding safe sites in general.

Sorry about that. It's hard to say, a lot of it comes intuitively. Does the site look safe? Usually if a site is hosting illegal activities, I would stay away from it. If a site is filled with advertisements for products or services you've never heard of, I'd also stay away from those.

QUOTE
if you pick wrong, what's your warning sign to leave?

Basically everything I said above (hosting of illegal activities, full of advertisements, and basic intuition).

QUOTE
do you just have a certain day that you run clean up programs?

There is usually a way to schedule programs to run biweekly or so. Usually twice per month is sufficient.

QUOTE
why do videos buffer when web sites don't?

Buffering is basically just loading ahead of your current point of the video, to make sure you get smooth playback. Videos are much larger in size than websites, so they take longer to load.

Edited by mpascal, 03 August 2010 - 03:41 PM.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#15 bbqchick

bbqchick
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:north carolina
  • Local time:09:36 AM

Posted 05 August 2010 - 05:36 PM

sorry, i haven't given up on the testing or questions, i just needed a break to clear my mind. i felt that i was goning on and on about how to find a safe site. i forget that i need to become more familar with sites. until i fell for the "scare tactics" of that man, i rarely used the computer[ maybe two or three times a month]. truth is , a couple of months ago i decided to actually learn how to use a computer. i set myself some goals[ send an email, make a cd, make a dvd]. this does count as email, right? anyway,my teenager was very happy to get back to his online video games and limewire. my sister said that i should scan the limewire files[ even though they say that they use agv for scanning]. i was unable to find out how to do that. i did see a spot were you could look at bug reports. please don't say that i need to "drag" them to my computer. when i listen to something from limewire, i open the connection. i was begining to work on a "playlist", when i hit this snag. i haven't gotten to the "dragging" part. once again, thank you for all of your help. i thought that i had wrecked the computer, now, i feel like i can finish my goals. too bad i can't use you for all my questions[ like how to get pictures off my cell phone and how to make buffering move faster]. bbqchick
be good to each other




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users