Google & Webpage Hijacking & Redirection


11 replies to this topic

#1 Ricbear (Members, 6 posts)

Posted 07 February 2011 - 12:08 AM

I have been experiencing this issue on both a Sony Vaio desktop and a Gateway laptop, running XP and Vista, respectively. When I click on results in a Google search, I am redirected to unwanted and incorrect sites. There is also a hijacking issue. When I am on a webpage that I have chosen, sometimes I am spontaneously forwarded to a different, unwanted and unrelated site, often without clicking any links. Let's concentrate on the desktop first. Thanks for any help in advance.



#2 Starbuck ('r Brudiwr, Malware Response Team, 4,149 posts, Midlands, UK)

Posted 07 February 2011 - 01:25 PM

Hi Ricbear,

Are these systems both connecting to the same router?
Did it start happening on both systems about the same time?

Try this for the redirection problem:

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 2
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Win7 users should right-click and select Run As Administrator.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.


In your next reply, please submit:
MBAM report
TDSSKiller report


Thanks.



#3 Ricbear (Topic Starter, Members, 6 posts)

Posted 10 February 2011 - 11:27 PM

Yes, both machines are on the same router, however, only one of them was connected to the router at the time this issue began. We were in the process of moving and I hadn't reattached the desktop to the router yet. I am fairly certain this began when I slaved another hard drive to my desktop in an attempt to save the data within. That hard drive is physically failing. I very stupidly downloaded a piece of software (that I was skeptical about to begin with) to use to try to retrieve the data from that slaved drive. After the fact, that piece of software seemed to be infected with a trojan. I downloaded it originally on the laptop and then moved it to my desktop by disk. That is how it ended up on both machines.

I've run Malwarebytes and the TDSSKiller. The reports follow:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5735

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2011 9:40:02 PM
mbam-log-2011-02-10 (21-40-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 279200
Time elapsed: 1 hour(s), 44 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2011/02/10 21:56:40.0671 3260 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/10 21:56:40.0796 3260 ================================================================================
2011/02/10 21:56:40.0796 3260 SystemInfo:
2011/02/10 21:56:40.0812 3260
2011/02/10 21:56:40.0812 3260 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/10 21:56:40.0812 3260 Product type: Workstation
2011/02/10 21:56:40.0812 3260 ComputerName: STEAMBOAT
2011/02/10 21:56:40.0812 3260 UserName: Bear
2011/02/10 21:56:40.0812 3260 Windows directory: C:\WINDOWS
2011/02/10 21:56:40.0812 3260 System windows directory: C:\WINDOWS
2011/02/10 21:56:40.0812 3260 Processor architecture: Intel x86
2011/02/10 21:56:40.0812 3260 Number of processors: 1
2011/02/10 21:56:40.0812 3260 Page size: 0x1000
2011/02/10 21:56:40.0812 3260 Boot type: Normal boot
2011/02/10 21:56:40.0812 3260 ================================================================================
2011/02/10 21:56:41.0531 3260 Initialize success
2011/02/10 21:56:44.0562 0136 ================================================================================
2011/02/10 21:56:44.0562 0136 Scan started
2011/02/10 21:56:44.0562 0136 Mode: Manual;
2011/02/10 21:56:44.0562 0136 ================================================================================
2011/02/10 21:56:48.0937 0136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/10 21:56:49.0078 0136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/10 21:56:49.0343 0136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/10 21:56:49.0484 0136 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/10 21:56:50.0062 0136 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/10 21:56:50.0500 0136 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/02/10 21:56:50.0640 0136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/10 21:56:50.0781 0136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/10 21:56:50.0984 0136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/10 21:56:51.0156 0136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/10 21:56:51.0328 0136 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/02/10 21:56:51.0437 0136 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/02/10 21:56:51.0562 0136 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/02/10 21:56:51.0765 0136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/10 21:56:51.0906 0136 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/02/10 21:56:51.0968 0136 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/02/10 21:56:52.0171 0136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/10 21:56:52.0281 0136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/10 21:56:52.0484 0136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/10 21:56:52.0609 0136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/10 21:56:52.0765 0136 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/02/10 21:56:52.0875 0136 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/02/10 21:56:53.0046 0136 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/10 21:56:53.0687 0136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/10 21:56:53.0859 0136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/10 21:56:54.0015 0136 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/02/10 21:56:54.0218 0136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/10 21:56:54.0375 0136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/10 21:56:54.0531 0136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/10 21:56:54.0781 0136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/10 21:56:54.0968 0136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/10 21:56:55.0125 0136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/10 21:56:55.0250 0136 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011B.SYS
2011/02/10 21:56:55.0390 0136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/10 21:56:55.0578 0136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/10 21:56:55.0718 0136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/10 21:56:55.0875 0136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/10 21:56:56.0000 0136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/10 21:56:56.0109 0136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/10 21:56:56.0218 0136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/10 21:56:56.0406 0136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/10 21:56:56.0734 0136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/10 21:56:57.0046 0136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/10 21:56:57.0234 0136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/10 21:56:57.0546 0136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/10 21:56:57.0671 0136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/10 21:56:57.0796 0136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/10 21:56:57.0937 0136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/10 21:56:58.0125 0136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/10 21:56:58.0281 0136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/10 21:56:58.0406 0136 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/02/10 21:56:58.0546 0136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/10 21:56:58.0718 0136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/10 21:56:58.0843 0136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/10 21:56:58.0968 0136 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/10 21:56:59.0093 0136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/10 21:56:59.0265 0136 KS-959 (2ae47a0b7e05e9695f8c19b7d4e3f4c0) C:\WINDOWS\system32\DRIVERS\KS-959.sys
2011/02/10 21:56:59.0406 0136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/10 21:56:59.0718 0136 LucentSoftModem (d96ff9c7997a4311f6a5db9afcdea936) C:\WINDOWS\system32\DRIVERS\LTSM.sys
2011/02/10 21:56:59.0890 0136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/10 21:57:00.0015 0136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/10 21:57:00.0265 0136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/10 21:57:00.0484 0136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/10 21:57:00.0671 0136 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/02/10 21:57:00.0937 0136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/10 21:57:01.0140 0136 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/10 21:57:01.0328 0136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/10 21:57:01.0453 0136 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/02/10 21:57:01.0593 0136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/10 21:57:01.0718 0136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/10 21:57:01.0875 0136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/10 21:57:02.0015 0136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/10 21:57:02.0171 0136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/10 21:57:02.0296 0136 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/10 21:57:02.0437 0136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/10 21:57:02.0593 0136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/10 21:57:02.0718 0136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/10 21:57:02.0843 0136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/10 21:57:02.0968 0136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/10 21:57:03.0156 0136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/10 21:57:03.0296 0136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/10 21:57:03.0421 0136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/10 21:57:03.0546 0136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/10 21:57:03.0734 0136 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/10 21:57:03.0875 0136 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/02/10 21:57:04.0046 0136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/10 21:57:04.0218 0136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/10 21:57:04.0437 0136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/10 21:57:04.0593 0136 nv (21ceedfa76170a6cf19ad833aa948393) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/10 21:57:04.0750 0136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/10 21:57:04.0859 0136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/10 21:57:05.0015 0136 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/02/10 21:57:05.0156 0136 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/02/10 21:57:05.0281 0136 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/02/10 21:57:05.0421 0136 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/10 21:57:05.0531 0136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/10 21:57:05.0843 0136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/10 21:57:06.0046 0136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/10 21:57:06.0171 0136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/10 21:57:06.0390 0136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/10 21:57:06.0500 0136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/10 21:57:07.0140 0136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/10 21:57:07.0250 0136 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/10 21:57:07.0390 0136 prwntdrv (c590535d68fd6c84707dc1debd2afd68) C:\WINDOWS\system32\prwntdrv.sys
2011/02/10 21:57:07.0546 0136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/10 21:57:07.0656 0136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/10 21:57:07.0781 0136 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/02/10 21:57:08.0281 0136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/10 21:57:08.0406 0136 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/02/10 21:57:08.0531 0136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/10 21:57:08.0656 0136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/10 21:57:08.0765 0136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/10 21:57:08.0906 0136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/10 21:57:09.0062 0136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/10 21:57:09.0203 0136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/10 21:57:09.0390 0136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/10 21:57:09.0609 0136 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/02/10 21:57:09.0750 0136 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/10 21:57:09.0890 0136 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/02/10 21:57:09.0984 0136 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) D:\Program Files\SASDIFSV.SYS
2011/02/10 21:57:10.0046 0136 SASKUTIL (61db0d0756a99506207fd724e3692b25) D:\Program Files\SASKUTIL.SYS
2011/02/10 21:57:10.0203 0136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/10 21:57:10.0343 0136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/10 21:57:10.0515 0136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/10 21:57:10.0859 0136 SiS315 (f1bf6158ac79912bbdf71a0382fefa65) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/02/10 21:57:11.0421 0136 sisagp (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/02/10 21:57:11.0671 0136 SiSkp (224ef1530777d62b65e8c2d5e9cfa511) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/02/10 21:57:12.0031 0136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/10 21:57:12.0218 0136 soma (fa197db78c086f8ebdf15c995375f091) C:\WINDOWS\system32\DRIVERS\soma.sys
2011/02/10 21:57:12.0437 0136 SONYWBMS (073457b2d8b919fa7bdcf3fd9226e30c) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS
2011/02/10 21:57:12.0656 0136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/10 21:57:12.0796 0136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/10 21:57:12.0937 0136 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/10 21:57:13.0125 0136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/10 21:57:13.0265 0136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/10 21:57:13.0437 0136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/10 21:57:13.0843 0136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/10 21:57:14.0000 0136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/10 21:57:14.0140 0136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/10 21:57:14.0265 0136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/10 21:57:14.0437 0136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/10 21:57:14.0718 0136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/10 21:57:14.0937 0136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/10 21:57:15.0171 0136 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/02/10 21:57:15.0296 0136 USB28xxOEM (f887c3eee7abacd594b5f73b862c45fc) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/02/10 21:57:15.0421 0136 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/10 21:57:15.0546 0136 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/10 21:57:15.0718 0136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/10 21:57:15.0875 0136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/10 21:57:15.0984 0136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/10 21:57:16.0125 0136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/10 21:57:16.0250 0136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/10 21:57:16.0406 0136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/10 21:57:16.0531 0136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/10 21:57:16.0640 0136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/10 21:57:16.0875 0136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/10 21:57:17.0031 0136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/10 21:57:17.0609 0136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/10 21:57:17.0890 0136 WDM_YAMAHAAC97 (dce25235272a28ed34780ac4c848fc3f) C:\WINDOWS\system32\drivers\yacxgc.sys
2011/02/10 21:57:18.0140 0136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/10 21:57:18.0312 0136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/10 21:57:18.0453 0136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/10 21:57:18.0781 0136 ================================================================================
2011/02/10 21:57:18.0781 0136 Scan finished
2011/02/10 21:57:18.0781 0136 ================================================================================
2011/02/10 22:32:16.0234 0960 Deinitialize success
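The TDSSKiller listing above is long and the tool itself reported nothing, so a first pass by eye is mostly a hunt for drivers loaded from unusual places and for system drivers whose hash differs from a trusted copy (atapi.sys, which appears in both the log and the OTL hash list later in this thread, is the classic target of the TDSS family). The helper below is an added example written by the editor of this page, not part of the thread and not TDSSKiller's own code. It parses the log format shown above, flags drivers whose image sits outside the Windows directory (`C:\WINDOWS`, as printed in the log's SystemInfo block), and compares hashes against an analyst-supplied baseline. The sample input is constructed: four lines are copied from the log above, while the `FAKEDRV` line and the baseline hash values are hypothetical and say nothing about the poster's machine.

```python
"""Triage helper for a TDSSKiller driver listing (added example, not TDSSKiller's code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample. The first four driver lines are copied from the TDSSKiller
# log posted above; the FAKEDRV line is hypothetical, invented here only to
# exercise the path check, and says nothing about the poster's machine.
SAMPLE_LOG = """\
2011/02/10 21:56:50.0781 0136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2011/02/10 21:56:51.0906 0136 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\\WINDOWS\\system32\\DRIVERS\\bridge.sys
2011/02/10 21:56:51.0968 0136 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\\WINDOWS\\system32\\DRIVERS\\bridge.sys
2011/02/10 21:57:09.0984 0136 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) D:\\Program Files\\SASDIFSV.SYS
2011/02/10 21:57:19.0000 0136 FAKEDRV (0123456789abcdef0123456789abcdef) C:\\Documents and Settings\\Bear\\Local Settings\\Temp\\fakedrv.sys
2011/02/10 21:57:18.0781 0136 Scan finished
"""

# One driver line: timestamp, thread id, service name, (md5), image path.
DRIVER_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)


def parse_tdsskiller_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per driver line; banner, SystemInfo and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            entries.append({"service": m["service"], "md5": m["md5"].lower(), "path": m["path"]})
    return entries


def flag_unexpected_paths(entries, system_root: str = "C:\\WINDOWS") -> List[str]:
    """Services whose image lives outside the Windows directory, in log order.

    system_root defaults to the value TDSSKiller printed in the log above.
    A hit is a prompt to look closer, not a verdict: third-party products do
    legitimately install drivers under Program Files.
    """
    root = system_root.rstrip("\\").lower() + "\\"
    return [e["service"] for e in entries if not e["path"].lower().startswith(root)]


def compare_to_baseline(entries, baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(service, observed_md5, expected_md5) for each baselined driver whose hash differs.

    The baseline is whatever hashes the analyst trusts for this Windows build
    (e.g. taken from a known-clean install of the same service pack); services
    absent from it are not judged.
    """
    mismatches = []
    for e in entries:
        expected = baseline.get(e["service"])
        if expected is not None and expected.lower() != e["md5"]:
            mismatches.append((e["service"], e["md5"], expected.lower()))
    return mismatches


if __name__ == "__main__":
    drivers = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(drivers)} driver entries")
    print("outside system root:", flag_unexpected_paths(drivers))
    # Hypothetical baseline: atapi matches, Bridge deliberately does not.
    baseline = {"atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
                "Bridge": "00000000000000000000000000000000"}
    print("hash mismatches:", compare_to_baseline(drivers, baseline))
```

On the real log above, the path check would surface only the two SAS*.SYS drivers under `D:\Program Files`, which neither scanner reported; that is exactly why the flag is a prompt to inspect, not a detection. The hash comparison is the useful part for a file-infecting rootkit: it needs a trusted hash for the same Windows build, which is what the `/md5start ... /md5stop` block in the OTL script later in this thread is collecting.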

#4 Starbuck ('r Brudiwr, Malware Response Team, 4,149 posts, Midlands, UK)

Posted 11 February 2011 - 08:50 AM

Hi Ricbear,

I'd like to look a little deeper into the system.
But I will have to get this thread moved before we continue.
Please bear with me while I get a Mod to move it.
I'll reply again once the thread has been moved.

Thanks.



#5 quietman7 (Bleepin' Janitor, Global Moderator, 50,939 posts, Virginia, USA)

Posted 11 February 2011 - 09:01 AM

I meant to click open the topic below this but opened this one first. I noted your wanting to move it so I did.

#6 Starbuck ('r Brudiwr, Malware Response Team, 4,149 posts, Midlands, UK)

Posted 11 February 2011 - 09:12 AM

Many thanks quietman7

--------------------

Hi Ricbear,

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    activex
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the Run Scan button.

  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Thanks



#7 Ricbear (Topic Starter, Members, 6 posts)

Posted 15 February 2011 - 01:07 AM

Thanks for your help so far Starbuck and Quietman7. I've downloaded OTL and performed the scan. The following are the .txt files generated:


OTL logfile created on: 2/15/2011 12:43:57 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bear\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

992.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 0.41 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive D: | 95.79 Gb Total Space | 75.21 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: STEAMBOAT | User Name: Bear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/15 00:42:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
PRC - [2011/02/02 15:56:08 | 002,782,008 | ---- | M] (FlashPeak, Inc.) -- D:\Program Files\SlimBrowser\sbrowser.exe
PRC - [2010/12/12 21:25:36 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/12 21:24:10 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/23 11:13:22 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/26 11:04:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 07:27:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 07:27:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 07:25:30 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/18 20:42:58 | 001,176,064 | ---- | M] (4t Niagara Software) -- D:\Program Files\4t Tray Minimizer\4t-min.exe
PRC - [2002/07/20 11:22:10 | 000,032,768 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\LTSMMSG.exe
PRC - [2002/07/03 19:17:00 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/01/09 21:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- D:\Program Files\FinePixViewer\QuickDCF.exe
PRC - [2001/10/08 15:58:14 | 000,622,592 | ---- | M] (Thomas Ascher) -- D:\Program Files\ATnotes\ATnotes.exe
PRC - [2001/03/15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/02/15 00:42:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/11/18 20:18:50 | 000,021,504 | ---- | M] () -- D:\Program Files\4t Tray Minimizer\ShellEh7.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AOLService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/26 11:04:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 07:27:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/03/26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2002/07/23 07:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/08/25 18:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv)
DRV - [2010/07/16 07:27:13 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 07:25:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 08:55:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/12 02:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 02:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/06/22 16:59:24 | 000,479,232 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/02/06 15:38:02 | 000,028,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/03/09 20:26:14 | 000,245,248 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/03/09 03:25:30 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/07/18 08:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/02/11 19:41:18 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2002/12/18 06:03:24 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/08/02 13:56:00 | 000,590,464 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\soma.sys -- (soma)
DRV - [2002/07/20 11:22:30 | 000,815,819 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2002/07/19 15:25:58 | 000,202,880 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/07/16 07:16:00 | 000,981,466 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/06/13 14:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/07 04:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011B.SYS -- (FINEPIX_PCC)
DRV - [2002/02/05 11:05:08 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2001/08/18 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/12/05 18:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us&rl=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011/01/22 03:33:55 | 000,435,949 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 15034 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SiS KHooker] File not found
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKCU..\Run: [DriverScanner] File not found
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [updateMgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\Bear\Start Menu\Programs\Startup\4t Tray Minimizer.lnk = D:\Program Files\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
O4 - Startup: C:\Documents and Settings\Bear\Start Menu\Programs\Startup\ATnotes.lnk = D:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra Button: Singles Messenger - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra 'Tools' menuitem : Tools Menu Item - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.games.yahoo.com/games/clients/y/potc_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.139 213.109.77.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SASWINLO.DLL - D:\Program Files\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bear\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bear\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/03 10:18:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - StartUpReg: eaezvf - hkey= - key= - File not found
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - File not found
MsConfig - StartUpReg: SiS Tray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {AB564EA0-7000-47C9-BE17-30DC575454B3} - Microsoft .NET Framework 1.1 Hotfix (KB886904)
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/15 00:42:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
[2011/02/14 01:40:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/11 15:49:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/11 15:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/11 15:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/10 21:56:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bear\Desktop\tdsskiller.exe
[2011/02/10 19:51:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/10 19:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/10 19:51:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/10 19:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/10 19:49:43 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bear\Desktop\mbam-setup.exe
[2011/02/07 16:07:31 | 090,943,256 | ---- | C] ( ) -- C:\Documents and Settings\Bear\Desktop\set_up.exe
[2011/02/05 20:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/02/05 20:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/02/05 20:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/02/04 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/02/04 12:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/04 12:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/26 14:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\My Documents\Downloads
[2011/01/26 08:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\Start Menu\Programs\Google Chrome
[2011/01/26 08:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashPeak SlimBrowser
[2011/01/25 18:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\Application Data\SUPERAntiSpyware.com
[2011/01/25 18:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/25 18:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/24 12:12:35 | 000,020,584 | ---- | C] (Adobe Systems Incorporated.) -- C:\WINDOWS\System32\PdfPorts.dll
[2011/01/22 04:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\Application Data\Malwarebytes
[2011/01/22 04:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/22 04:03:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 00:42:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
[2011/02/15 00:25:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005UA.job
[2011/02/15 00:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/15 00:05:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FEA4E65-6593-4477-84C2-DDB9451737CC}.job
[2011/02/14 23:18:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/14 13:15:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/14 13:01:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/14 12:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 12:59:41 | 1039,765,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/14 09:16:03 | 071,156,134 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/02/14 08:25:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005Core.job
[2011/02/14 01:40:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/02/13 23:57:01 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2011/02/13 02:17:26 | 000,966,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/13 02:15:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 23:27:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Google Chrome.lnk
[2011/02/11 23:27:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 21:14:31 | 000,423,281 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Bryce & Kaylee.ai
[2011/02/11 09:35:17 | 000,018,446 | ---- | M] () -- C:\Documents and Settings\Bear\My Documents\Erin - bills.ods
[2011/02/10 21:56:31 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bear\Desktop\tdsskiller.exe
[2011/02/10 19:51:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/10 19:49:43 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bear\Desktop\mbam-setup.exe
[2011/02/10 16:02:22 | 000,241,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/08 19:57:24 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimBrowser.lnk
[2011/02/08 19:57:24 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Bear\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2011/02/07 16:16:35 | 000,000,114 | -HS- | M] () -- C:\WINDOWS\set_updrv.spi
[2011/02/07 16:07:31 | 090,943,256 | ---- | M] ( ) -- C:\Documents and Settings\Bear\Desktop\set_up.exe
[2011/02/05 07:07:47 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2011/02/04 13:47:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/24 12:14:13 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2011/01/24 12:12:39 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/01/22 03:33:55 | 000,435,949 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/20 08:45:01 | 000,000,766 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/01/19 11:03:36 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 21:11:09 | 000,423,281 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Bryce & Kaylee.ai
[2011/02/10 19:51:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/08 19:57:24 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimBrowser.lnk
[2011/02/07 16:16:35 | 000,000,114 | -HS- | C] () -- C:\WINDOWS\set_updrv.spi
[2011/02/05 12:56:47 | 1039,765,504 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/26 08:23:53 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Google Chrome.lnk
[2011/01/26 08:23:53 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/26 08:20:22 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005UA.job
[2011/01/26 08:20:22 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005Core.job
[2011/01/26 08:09:42 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2011/01/24 12:12:53 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 5.0.lnk
[2011/01/24 12:12:39 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/01/24 12:12:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/12/20 00:18:18 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Bear\Local Settings\Application Data\kodakpcd.ini
[2010/12/16 14:17:17 | 000,095,496 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2010/12/16 14:16:18 | 000,081,418 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/10/22 18:57:08 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
[2007/12/08 18:04:55 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2005/09/12 23:12:09 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/25 19:07:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/17 21:37:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\farmmext.ini
[2004/09/10 22:43:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IJHIKO.ini
[2004/07/19 00:58:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/02 21:08:00 | 000,000,141 | ---- | C] () -- C:\WINDOWS\AIMPR.INI
[2004/03/23 22:07:42 | 000,000,186 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/28 23:24:40 | 000,000,820 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/15 23:39:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/11/23 21:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2003/10/27 00:35:29 | 000,000,133 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/09/09 16:37:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2003/08/03 14:48:48 | 000,000,125 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/08/03 14:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003/06/10 00:30:41 | 000,000,364 | ---- | C] () -- C:\WINDOWS\bible.ini
[2003/05/30 00:30:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\EXPANDER.INI
[2003/02/28 19:55:59 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Bear\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/22 16:21:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/15 01:34:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/02/02 22:41:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2003/02/02 22:37:12 | 000,003,122 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2003/01/27 21:29:48 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2003/01/27 21:01:43 | 000,055,296 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2003/01/15 21:35:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson580.ini
[2003/01/12 18:16:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\PFP100JPR.{PB
[2003/01/12 18:16:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\PFP100JCM.{PB
[2003/01/09 20:22:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/01/09 19:54:57 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2003/01/09 00:23:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/08/15 12:46:12 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/08/15 12:46:12 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/08/15 12:45:06 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2002/08/15 12:43:08 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/15 12:43:07 | 000,000,766 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/15 12:30:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/08/03 13:45:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/03 11:30:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/08/03 11:17:45 | 000,012,209 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2002/08/03 11:17:45 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2002/08/03 11:17:45 | 000,000,927 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2002/08/03 11:17:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2002/08/03 10:43:24 | 000,000,906 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/03 10:05:41 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/03 03:11:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/04/20 19:23:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll
[1998/09/07 01:03:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll
[1998/09/07 00:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/17 23:25:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/17 23:25:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/07/18 02:52:42 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/17 23:25:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/07/18 02:52:42 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/17 23:25:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\deployJava1.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/12/20 18:59:19 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 2/15/2011 12:43:57 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bear\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

992.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 0.41 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive D: | 95.79 Gb Total Space | 75.21 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: STEAMBOAT | User Name: Bear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open_in_PageMill] -- D:\PROGRA~1\Adobe\PAGEMI~1.0\PageMill.exe "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\ATnotes\ATnotes.exe" = D:\Program Files\ATnotes\ATnotes.exe:*:Enabled:Creates notes on the Windows desktop. -- (Thomas Ascher)
"D:\Program Files\Yahoo!\Messenger\YPager.exe" = D:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"D:\Program Files\Yahoo!\Messenger\YServer.exe" = D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"D:\Program Files\SlimBrowser\sbrowser.exe" = D:\Program Files\SlimBrowser\sbrowser.exe:*:Enabled:FlashPeak SlimBrowser -- (FlashPeak, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{197A2B90-A998-4603-9B25-2B7D7CC0060E}" = Screenblast Sound Forge 1.0b
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.0
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 23
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{42596645-AF4A-4821-857A-77EE16C1F131}" = FontHit Font Tools
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions WinXP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{662E1348-3D8D-4BCE-B345-BF7EB40308FD}" = Screenblast ACID 2.0a
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Installer 2.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.5.00
"{761C9026-14F0-4352-8658-934558272404}" = VAIO Edit Components LE
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7D8FAC4F-5E20-4674-B642-0C141DC68D3A}" = WordPerfect Office 2002
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA80A0FE-AC63-47FC-8CA5-E29754255B96}" = honestech VHS to DVD 3.0 Deluxe
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.0
"{E1F21580-77B0-48CD-A96B-EDF7201A46AC}" = StuffIt Standard
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7DADD44-6785-11D6-A493-00A00C445B53}" = Hackman
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"4t Tray Minimizer_is1" = 4t Tray Minimizer Free 4.21
"8BBB2780BBE11BA83C188DD7E5979A81A1C0C9D7" = Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Premiere 6 LE" = Adobe Premiere 6 LE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Any Video Converter_is1" = Any Video Converter 2.6.7
"ATnotes_is1" = ATnotes Version 8.21
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Remove Only)
"CD Checker" = CD Checker
"Copy Utility" = Copy Utility
"Corel Uninstaller" = Corel Uninstaller
"dsbF1V1" = the flux collection
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"EPSON Photo Print" = EPSON Photo Print
"Free RAR Extract Frog" = Free RAR Extract Frog
"getPlus®_ocx" = getPlus®_ocx
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HijackThis" = HijackThis 2.0.2
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.4
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.0
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"InterActual Player" = InterActual Player
"Jetcast" = Jetcast 3.2.4
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Macromedia Dreamweaver 3" = Macromedia Dreamweaver 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Oracle JInitiator 1.3.1.13" = Oracle JInitiator 1.3.1.13
"SiS Compatible VGA V2.09a" = SiS Compatible VGA V2.09a
"SiS VGA Driver" = SiS VGA Utilities
"SlimBrowser" = FlashPeak SlimBrowser
"SmartPCRecorder" = Smart PC Recorder - by freebird
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Total Xaos Demo" = Total Xaos-Demo
"VAIO Support" = VAIO Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualLab 5 Client_is1" = VirtualLab Client 5.7.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"aaa" = aaa
"Adobe PageMill 3.0" = Adobe PageMill 3.0
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2011 5:44:14 PM | Computer Name = STEAMBOAT | Source = Application Hang | ID = 1002
Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2011 8:00:43 PM | Computer Name = STEAMBOAT | Source = Application Hang | ID = 1002
Description = Hanging application sbrowser.exe, version 5.0.0.144, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2011 8:55:31 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 2/10/2011 8:44:22 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 2/12/2011 1:38:41 PM | Computer Name = STEAMBOAT | Source = Application Hang | ID = 1002
Description = Hanging application sbrowser.exe, version 5.0.1.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/13/2011 2:57:10 AM | Computer Name = STEAMBOAT | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/13/2011 3:00:40 AM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 2/13/2011 3:09:02 AM | Computer Name = STEAMBOAT | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/13/2011 3:18:19 AM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 2/14/2011 2:00:53 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

[ System Events ]
Error - 2/13/2011 2:52:18 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The Fax service terminated unexpectedly. It has done this 1 time(s).

Error - 2/13/2011 2:53:45 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/13/2011 2:53:57 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/13/2011 2:54:02 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/13/2011 2:57:10 AM | Computer Name = STEAMBOAT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 2/13/2011 3:00:48 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 2/13/2011 3:01:12 AM | Computer Name = STEAMBOAT | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000046, parameter2 805150db, parameter3
ee780a1c, parameter4 ee780a6c.

Error - 2/13/2011 3:09:08 AM | Computer Name = STEAMBOAT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 2/13/2011 3:18:05 AM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 2/14/2011 2:00:49 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2


< End of report >

#8 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 15 February 2011 - 05:41 AM

Hi Ricbear,

Ok, let's get to work:

Step 1
Click on Start, then Control Panel, and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4


These are old versions of Java which should have been removed when Java was updated.

Do not uninstall Java™ 6 Update 23

Reboot the system when completed.

Step 2
Double click on OTL.exe to run it.
Copy the lines below (make sure that :otl is on the first line).

:otl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [SiS KHooker] File not found
O4 - HKCU..\Run: [DriverScanner] File not found
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [updateMgr] File not found
O9 - Extra Button: Singles Messenger - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra 'Tools' menuitem : Tools Menu Item - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.games.yahoo.com/games/clients/y/potc_x.cab (Reg Error: Key error.)
MsConfig - StartUpReg: eaezvf - hkey= - key= - File not found

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]


  • Return to OTL.
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 3
Unfortunately you will have to Uninstall AVG for this step.
I also recommend running the AVG removal tool once it has been uninstalled from the system.

To remove AVG go to:
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Download it to your desktop, then double click to start the uninstaller.

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results".

You can reinstall again once the scan has completed.
Or you can install one of these free recommended AVs.


Note*:
Upon installation MS Security Essentials will check that your OS is a legal copy.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example; you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.

    Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
OTL fix report
ComboFix.txt
Also let me know which AV you installed after running CF.


Thanks.


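The OTL fix in the post above removes a handful of entries that recur in browser-hijack cases: an Internet Explorer default page pointing at a bare IP address, a proxy switched on under Internet Settings, and orphaned autostart, toolbar and ActiveX entries whose files or CLSIDs no longer exist. The Python script below is an added example, not part of this thread and not OTL's or BleepingComputer's code: it triages lines in OTL's output format for exactly those three conditions so a responder can pick them out of a long log before deciding what to fix. The sample input is constructed from the lines quoted in the fix script above plus one clean Start Page line; the function names, severity labels and the heuristics themselves are my own.

```python
"""Triage OTL-style log lines for the hijack indicators handled in this thread.

OTL prints browser settings as ``IE - <registry key>,<value> = <data>`` and
autostart, toolbar and ActiveX entries as ``O<n> - ...``. This added checker
flags three things the fix script above targets: a browser page setting that
points at a bare IP address, the WinINet proxy switched on, and orphaned
entries whose backing file, CLSID or key no longer exists.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample input: lines copied from the OTL fix posted in this thread,
# plus one clean Start Page line (constructed) that the checker must ignore.
SAMPLE_OTL_LINES = [
    r"IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/",  # constructed clean line
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.",
    r"O4 - HKLM..\Run: [NvCplDaemon] File not found",
    r"O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)",
    r"MsConfig - StartUpReg: eaezvf - hkey= - key= - File not found",
]

# "IE - <key> = <data>"; the key never contains '=', so a lazy match stops at the separator.
IE_SETTING_RE = re.compile(r"^IE - (?P<key>[^=]+?)\s*=\s*(?P<data>.+)$")
URL_RE = re.compile(r"https?://\S+")
# Markers OTL uses when the file, CLSID or registry key an entry refers to is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.", "(Reg Error:")


def url_host_is_bare_ip(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a DNS name.

    Vendor home pages use hostnames; a default page set to a raw IP is the
    pattern the fix above removes.
    """
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage_line(line: str):
    """Classify one OTL line. Returns (severity, reason) or None when nothing stands out."""
    line = line.strip()
    m = IE_SETTING_RE.match(line)
    if m:
        key, data = m.group("key"), m.group("data").strip()
        if '"ProxyEnable"' in key and data == "1":
            return ("high", "WinINet proxy enabled: browser traffic goes through whatever ProxyServer holds")
        url = URL_RE.search(data)
        if url and url_host_is_bare_ip(url.group(0)):
            return ("high", f"browser page setting points at a bare IP address: {url.group(0)}")
        return None
    if any(marker in line for marker in ORPHAN_MARKERS):
        return ("low", "orphaned entry: the referenced file, CLSID or key is missing")
    return None


def triage(lines):
    """Run triage_line over a whole log; returns findings in log order."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        result = triage_line(line)
        if result is not None:
            severity, reason = result
            findings.append({"line": lineno, "severity": severity,
                             "reason": reason, "text": line.strip()})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'low': 5}."""
    counts = {}
    for finding in findings:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL_LINES):
        print(f"[{finding['severity'].upper():<4}] line {finding['line']}: {finding['reason']}")
        print(f"       {finding['text']}")
    print("summary:", summarize(triage(SAMPLE_OTL_LINES)))
```

Run against the constructed sample, the two "high" findings are the IP-addressed default page and the enabled proxy; the orphaned entries come out as "low" because, as the post explains, they are leftovers whose files are already gone and are removed as cleanup rather than as live infections. Feeding a full OTL.txt through `triage` line by line works the same way.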

#9 Ricbear
  • Topic Starter
  • Members
  • 6 posts

Posted 11 March 2011 - 05:05 PM

Sorry it took so long to reply. I've run the OTL fix and ComboFix as you suggested. I am still experiencing the same issues. The following are the log files from OTL and ComboFix:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiS KHooker deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10954C80-4F0F-11d3-B17C-00C0DFE39736}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10954C80-4F0F-11d3-B17C-00C0DFE39736}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10954C80-4F0F-11d3-B17C-00C0DFE39736}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10954C80-4F0F-11d3-B17C-00C0DFE39736}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control Yahoo! Pool 2
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Pool 2\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Pool 2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Yahoo! Pool 2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\eaezvf\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bear\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bear\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Bear
->Temp folder emptied: 48783514 bytes
->Temporary Internet Files folder emptied: 19585962 bytes
->Java cache emptied: 121432250 bytes
->Google Chrome cache emptied: 62685416 bytes
->Flash cache emptied: 66625 bytes

User: Default User
->Temp folder emptied: 121028406 bytes
->Temporary Internet Files folder emptied: 493604 bytes
->Flash cache emptied: 83 bytes

User: Guest
->Temp folder emptied: 121029907 bytes
->Temporary Internet Files folder emptied: 493604 bytes
->Flash cache emptied: 83 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 110446257 bytes
->Java cache emptied: 16269 bytes
->Flash cache emptied: 5871 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78724129 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58371 bytes
%systemroot%\System32 .tmp files removed: 11349009 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145118 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 160243332 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 497598 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 817.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Bear
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 03112011_151052

Files\Folders moved on Reboot...
C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

-------------------------------------------------------------------------------------------------------------------------------

ComboFix 11-03-10.04 - Bear 03/11/2011 16:17:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.661 [GMT -5:00]
Running from: c:\documents and settings\Bear\Desktop\1Combo-Fix1.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bear\Favorites\Thumbs.db
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 20:10 . 2011-03-11 20:10 -------- dc----w- C:\_OTL
2011-02-25 16:38 . 2011-02-25 16:38 -------- d-----w- c:\documents and settings\Bear\Application Data\DivX
2011-02-25 16:32 . 2011-03-01 21:07 -------- d-----w- c:\program files\DivX
2011-02-25 16:28 . 2011-03-01 21:08 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX
2011-02-11 00:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 00:51 . 2011-02-11 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 00:51 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-07-18 07:40 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-08-03 15:04 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-08-03 15:05 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-07-18 06:43 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-07-18 07:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-07-18 06:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-08-03 15:04 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-10-30 18:39 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Bear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-27 102400]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 32768]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-07-04 40960]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2002-07-10 77887]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SiSPower"="SiSPower.dll" [2006-03-09 49152]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-25 421888]
.
c:\documents and settings\Bear\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - d:\program files\4t Tray Minimizer\4t-min.exe [2003-11-18 1176064]
ATnotes.lnk - d:\program files\ATnotes\ATnotes.exe [2001-10-8 622592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-1-24 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-10-31 110592]
Exif Launcher.lnk - d:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="d:\program files\Ahead\Nero BackItUp\NBJ.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ATnotes\\ATnotes.exe"=
"d:\\Program Files\\SlimBrowser\\sbrowser.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [8/3/2002 10:06 AM 815819]
S0 Cdr4vsd;Cdr4vsd; [x]
S0 cfinlnvp;cfinlnvp;c:\windows\system32\drivers\nsrkyg.sys --> c:\windows\system32\drivers\nsrkyg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:53 AM 135664]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [1/18/2007 5:48 PM 19034]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [10/22/2010 6:57 PM 13064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-12 08:01]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 06:53]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 06:53]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005Core.job
- c:\documents and settings\Bear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-26 03:12]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005UA.job
- c:\documents and settings\Bear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-26 03:12]
.
2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{2FEA4E65-6593-4477-84C2-DDB9451737CC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us&rl=1
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-Corel Uninstaller - d:\windows\COREL\UNINST32.EXE
AddRemove-Adobe PageMill 3.0 - d:\program files\Adobe\PageMill 3.0\DeIsL2.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-11 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,53,f5,98,58,83,c4,4a,b0,29,d7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,53,f5,98,58,83,c4,4a,b0,29,d7,\
.
[HKEY_USERS\S-1-5-21-1532886375-1567011825-502627533-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
d:\program files\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-11 16:25:06
ComboFix-quarantined-files.txt 2011-03-11 21:24
.
Pre-Run: 1,922,674,688 bytes free
Post-Run: 1,922,519,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A26C40600C989A61B590E257CD071F93

I installed AVG Free 2011 as my antivirus program after running ComboFix. So what do we do now? Thanks for your ongoing assistance.

Edited by Ricbear, 11 March 2011 - 05:06 PM.


#10 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 12 March 2011 - 05:11 AM

Hi Ricbear

As it's been a while, let's get a set of up to date OTL reports.

OTL has now been updated.
Please remove your present copy (right click on the icon and select Delete).

Now get a fresh copy:

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Thanks



#11 Ricbear
  • Topic Starter
  • Members
  • 6 posts

Posted 13 March 2011 - 01:36 AM

OK, the following are the results of the new OTL scan:

OTL logfile created on: 3/13/2011 1:28:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bear\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

992.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 1.33 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive D: | 95.79 Gb Total Space | 75.13 Gb Free Space | 78.43% Space Free | Partition Type: NTFS

Computer Name: STEAMBOAT | User Name: Bear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bear\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
PRC - D:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
PRC - D:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
PRC - D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bear\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - D:\Program Files\4t Tray Minimizer\ShellEh7.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (prwntdrv) -- C:\WINDOWS\system32\prwntdrv.sys ()
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (SASKUTIL) -- D:\Program Files\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (soma) -- C:\WINDOWS\system32\drivers\soma.sys (Sony Corporation)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (WDM_YAMAHAAC97) -- C:\WINDOWS\system32\drivers\yacxgc.sys (YAMAHA CORPORATION)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB011B.SYS (FUJI PHOTO FILM CO.,LTD.)
DRV - (KS-959) -- C:\WINDOWS\system32\drivers\KS-959.sys (Kingsun Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us&rl=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/11 16:45:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/11 16:21:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\Bear\Start Menu\Programs\Startup\4t Tray Minimizer.lnk = D:\Program Files\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
O4 - Startup: C:\Documents and Settings\Bear\Start Menu\Programs\Startup\ATnotes.lnk = D:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.139 213.109.77.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SASWINLO.DLL - D:\Program Files\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Bear\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bear\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/03 10:18:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/11 16:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\Application Data\AVG10
[2011/03/11 16:47:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/11 16:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/03/11 16:46:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/11 16:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/11 16:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/03/11 16:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/11 16:30:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/11 16:30:00 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bear\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/11 16:15:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/11 16:10:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/11 16:10:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/11 16:10:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/11 16:10:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/11 16:10:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/11 15:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/11 15:07:00 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Bear\Desktop\avgremover.exe
[2011/02/25 11:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bear\Application Data\DivX
[2011/02/25 11:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/02/25 11:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/02/15 00:42:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
[2011/02/11 15:49:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/11 15:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/11 15:49:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2011/03/29 06:54:09 | 000,964,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/29 01:28:30 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FEA4E65-6593-4477-84C2-DDB9451737CC}.job
[2011/03/13 01:26:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bear\Desktop\OTL.exe
[2011/03/13 01:25:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005UA.job
[2011/03/13 01:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/12 23:18:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 17:22:03 | 108,511,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/12 14:13:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/12 10:45:12 | 000,018,606 | ---- | M] () -- C:\Documents and Settings\Bear\My Documents\Erin - bills.ods
[2011/03/12 08:25:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532886375-1567011825-502627533-1005Core.job
[2011/03/11 16:30:00 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bear\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/11 16:21:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/11 16:16:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2011/03/11 15:48:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/11 15:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 15:48:09 | 1039,765,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/11 15:08:02 | 004,285,785 | R--- | M] () -- C:\Documents and Settings\Bear\Desktop\1Combo-Fix1.exe
[2011/03/11 15:07:02 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Bear\Desktop\avgremover.exe
[2011/03/11 14:26:37 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Google Chrome.lnk
[2011/03/11 14:26:37 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/11 11:24:38 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/09 14:58:35 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2011/03/09 11:19:44 | 000,015,326 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\MySig.wmf
[2011/03/09 01:15:43 | 000,205,212 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\RCCAp 6-09 form[1].pdf
[2011/03/01 18:26:50 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/01 18:26:50 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/25 15:03:41 | 014,040,610 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Brayden's Sixth Birthday2!.pdf
[2011/02/25 08:34:58 | 004,072,951 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Brayden's Sixth Birthday.pdf
[2011/02/19 20:20:57 | 000,007,831 | ---- | M] () -- C:\Documents and Settings\Bear\My Documents\birthdayphrases.rtf
[2011/02/19 20:14:36 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Bear\My Documents\New Rich Text Document.rtf
[2011/02/16 15:03:13 | 000,594,599 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Bryce and Kaylee.pdf
[2011/02/16 14:35:21 | 000,598,252 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Bryce and Kaylee.ai
[2011/02/16 14:06:13 | 000,674,266 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Kaylee's Crown.ai
[2011/02/16 12:55:06 | 000,110,416 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\acorn-banner-tattoo-style-illustration-vector.jpg
[2011/02/16 11:48:30 | 000,022,656 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\ss183.jpg
[2011/02/16 11:43:42 | 000,014,064 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\bumble_bee.png
[2011/02/14 01:40:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/02/13 02:15:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 21:14:31 | 000,423,281 | ---- | M] () -- C:\Documents and Settings\Bear\Desktop\Bryce & Kaylee.ai

========== Files Created - No Company Name ==========

[2011/03/12 17:22:03 | 108,511,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/11 16:16:00 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2011/03/11 16:15:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/11 16:10:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/11 16:10:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/11 16:10:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/11 16:10:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/11 16:10:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/11 15:39:42 | 1039,765,504 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/11 15:08:02 | 004,285,785 | R--- | C] () -- C:\Documents and Settings\Bear\Desktop\1Combo-Fix1.exe
[2011/03/09 11:19:37 | 000,015,326 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\MySig.wmf
[2011/03/09 01:14:21 | 000,205,212 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\RCCAp 6-09 form[1].pdf
[2011/02/25 08:36:18 | 014,040,610 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Brayden's Sixth Birthday2!.pdf
[2011/02/25 01:15:35 | 004,072,951 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Brayden's Sixth Birthday.pdf
[2011/02/19 20:20:56 | 000,007,831 | ---- | C] () -- C:\Documents and Settings\Bear\My Documents\birthdayphrases.rtf
[2011/02/19 20:14:36 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Bear\My Documents\New Rich Text Document.rtf
[2011/02/16 15:03:09 | 000,594,599 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Bryce and Kaylee.pdf
[2011/02/16 14:14:00 | 000,598,252 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Bryce and Kaylee.ai
[2011/02/16 12:55:16 | 000,110,416 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\acorn-banner-tattoo-style-illustration-vector.jpg
[2011/02/16 12:49:25 | 000,674,266 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Kaylee's Crown.ai
[2011/02/16 11:48:37 | 000,022,656 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\ss183.jpg
[2011/02/16 11:44:00 | 000,014,064 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\bumble_bee.png
[2011/02/11 21:11:09 | 000,423,281 | ---- | C] () -- C:\Documents and Settings\Bear\Desktop\Bryce & Kaylee.ai
[2011/01/24 12:12:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/12/20 00:18:18 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Bear\Local Settings\Application Data\kodakpcd.ini
[2010/12/16 14:17:17 | 000,095,496 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2010/12/16 14:17:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/12/16 14:16:18 | 000,081,418 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/10/22 18:57:08 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe
[2010/10/22 18:57:08 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
[2010/06/23 01:51:53 | 000,241,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/10 14:09:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/04/30 23:11:12 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/30 23:11:12 | 000,002,543 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/12/08 18:04:55 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006/04/24 00:08:13 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/02/05 15:35:46 | 000,000,071 | ---- | C] () -- C:\WINDOWS\bearpower@usa.com
[2006/01/19 10:34:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2006/01/19 10:34:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2006/01/16 22:28:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/09/12 23:12:09 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/25 19:07:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/17 21:37:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\farmmext.ini
[2004/12/16 21:50:58 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/26 15:51:56 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/10 22:43:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IJHIKO.ini
[2004/09/07 00:54:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/19 00:58:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/18 01:32:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/02 21:08:00 | 000,000,141 | ---- | C] () -- C:\WINDOWS\AIMPR.INI
[2004/03/23 22:07:42 | 000,000,186 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/23 20:49:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricbear@hotmail.com
[2004/01/29 00:13:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/01/28 23:24:40 | 000,000,820 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/15 23:39:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/11/23 21:11:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2003/10/27 00:35:29 | 000,000,133 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/09/09 16:37:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2003/08/03 14:48:48 | 000,000,125 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/06/10 00:30:41 | 000,000,364 | ---- | C] () -- C:\WINDOWS\bible.ini
[2003/06/10 00:29:38 | 000,026,129 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2003/05/30 00:30:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\EXPANDER.INI
[2003/04/15 17:16:06 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2003/02/28 19:55:59 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Bear\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/22 16:21:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/15 01:34:54 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2003/02/15 01:34:54 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2003/02/15 01:34:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/02/02 22:41:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2003/02/02 22:37:12 | 000,003,122 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2003/01/27 21:29:48 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2003/01/27 21:01:43 | 000,055,296 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2003/01/16 19:50:02 | 000,000,607 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2003/01/15 21:35:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson580.ini
[2003/01/12 18:16:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\PFP100JPR.{PB
[2003/01/12 18:16:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bear\Application Data\PFP100JCM.{PB
[2003/01/09 20:22:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/01/09 19:54:57 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2003/01/09 00:23:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/08/15 12:46:12 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/08/15 12:46:12 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/08/15 12:45:06 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2002/08/15 12:43:08 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/15 12:43:07 | 000,000,766 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/15 12:43:05 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/15 12:30:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/08/03 13:45:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/03 11:30:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/08/03 11:30:54 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2002/08/03 11:17:45 | 000,012,209 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2002/08/03 11:17:45 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2002/08/03 11:17:45 | 000,000,927 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2002/08/03 11:17:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2002/08/03 10:43:24 | 000,000,906 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/03 10:20:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/03 10:16:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/03 10:07:38 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
[2002/08/03 10:07:37 | 000,208,488 | ---- | C] () -- C:\WINDOWS\Q318623.exe
[2002/08/03 10:07:36 | 000,641,640 | ---- | C] () -- C:\WINDOWS\Q318138.exe
[2002/08/03 10:07:33 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
[2002/08/03 10:07:32 | 001,189,992 | ---- | C] () -- C:\WINDOWS\Q316397.exe
[2002/08/03 10:07:31 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
[2002/08/03 10:07:30 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
[2002/08/03 10:07:30 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
[2002/08/03 10:07:29 | 000,302,696 | ---- | C] () -- C:\WINDOWS\Q312370.EXE
[2002/08/03 10:07:29 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
[2002/08/03 10:07:28 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
[2002/08/03 10:07:28 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
[2002/08/03 10:07:27 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
[2002/08/03 10:07:27 | 000,252,520 | ---- | C] () -- C:\WINDOWS\Q311967.exe
[2002/08/03 10:07:26 | 000,517,736 | ---- | C] () -- C:\WINDOWS\Q310601.exe
[2002/08/03 10:07:26 | 000,248,424 | ---- | C] () -- C:\WINDOWS\Q311785.exe
[2002/08/03 10:07:24 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
[2002/08/03 10:07:24 | 000,170,856 | ---- | C] () -- C:\WINDOWS\Q309056.exe
[2002/08/03 10:07:23 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
[2002/08/03 10:07:23 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
[2002/08/03 10:07:22 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
[2002/08/03 10:07:22 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
[2002/08/03 10:07:22 | 000,148,584 | ---- | C] () -- C:\WINDOWS\Q308387.EXE
[2002/08/03 10:07:21 | 000,240,232 | ---- | C] () -- C:\WINDOWS\Q306583.exe
[2002/08/03 10:05:41 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/03 10:05:06 | 000,442,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/03 10:05:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/03 10:05:06 | 000,071,936 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/03 10:05:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/03 10:05:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/03 10:05:05 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/03 10:05:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/03 10:04:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/03 10:04:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/03 10:04:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/03 03:11:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/03 03:11:10 | 000,964,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/04/20 19:23:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll
[2001/03/08 10:23:58 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[1998/09/07 01:03:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll
[1998/09/07 00:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll

< End of report >
-------------------------------------------------------------------------------------
OTL Extras logfile created on: 3/13/2011 1:28:00 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bear\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

992.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 1.33 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive D: | 95.79 Gb Total Space | 75.13 Gb Free Space | 78.43% Space Free | Partition Type: NTFS

Computer Name: STEAMBOAT | User Name: Bear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SlimBrowserHtml] -- D:\Program Files\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SlimBrowserHtml] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "D:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
https [open] -- "D:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open_in_PageMill] -- D:\PROGRA~1\Adobe\PAGEMI~1.0\PageMill.exe "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\ATnotes\ATnotes.exe" = D:\Program Files\ATnotes\ATnotes.exe:*:Enabled:Creates notes on the Windows desktop. -- (Thomas Ascher)
"D:\Program Files\SlimBrowser\sbrowser.exe" = D:\Program Files\SlimBrowser\sbrowser.exe:*:Enabled:FlashPeak SlimBrowser -- (FlashPeak, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{197A2B90-A998-4603-9B25-2B7D7CC0060E}" = Screenblast Sound Forge 1.0b
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 23
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{42596645-AF4A-4821-857A-77EE16C1F131}" = FontHit Font Tools
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions WinXP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{662E1348-3D8D-4BCE-B345-BF7EB40308FD}" = Screenblast ACID 2.0a
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Installer 2.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.5.00
"{761C9026-14F0-4352-8658-934558272404}" = VAIO Edit Components LE
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7D8FAC4F-5E20-4674-B642-0C141DC68D3A}" = WordPerfect Office 2002
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA80A0FE-AC63-47FC-8CA5-E29754255B96}" = honestech VHS to DVD 3.0 Deluxe
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.0
"{E1F21580-77B0-48CD-A96B-EDF7201A46AC}" = StuffIt Standard
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7DADD44-6785-11D6-A493-00A00C445B53}" = Hackman
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"4t Tray Minimizer_is1" = 4t Tray Minimizer Free 4.21
"8BBB2780BBE11BA83C188DD7E5979A81A1C0C9D7" = Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Premiere 6 LE" = Adobe Premiere 6 LE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Any Video Converter_is1" = Any Video Converter 2.6.7
"ATnotes_is1" = ATnotes Version 8.21
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Remove Only)
"CD Checker" = CD Checker
"Copy Utility" = Copy Utility
"dsbF1V1" = the flux collection
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"EPSON Photo Print" = EPSON Photo Print
"Free RAR Extract Frog" = Free RAR Extract Frog
"getPlus®_ocx" = getPlus®_ocx
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HijackThis" = HijackThis 2.0.2
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.4
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.0
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"InterActual Player" = InterActual Player
"Jetcast" = Jetcast 3.2.4
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Macromedia Dreamweaver 3" = Macromedia Dreamweaver 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Oracle JInitiator 1.3.1.13" = Oracle JInitiator 1.3.1.13
"SiS Compatible VGA V2.09a" = SiS Compatible VGA V2.09a
"SiS VGA Driver" = SiS VGA Utilities
"SlimBrowser" = FlashPeak SlimBrowser
"SmartPCRecorder" = Smart PC Recorder - by freebird
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Total Xaos Demo" = Total Xaos-Demo
"VAIO Support" = VAIO Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualLab 5 Client_is1" = VirtualLab Client 5.7.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"aaa" = aaa
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 7:55:10 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 2/25/2011 12:41:34 PM | Computer Name = STEAMBOAT | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
divxplaybackmodule.dll, version 3.3.0.114, fault address 0x0003d7e0.

Error - 3/29/2011 7:55:05 AM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/1/2011 7:25:24 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/11/2011 4:16:42 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/11/2011 4:30:24 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/11/2011 4:40:23 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/11/2011 4:48:38 PM | Computer Name = STEAMBOAT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 3/11/2011 5:48:04 PM | Computer Name = STEAMBOAT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/11/2011 5:48:04 PM | Computer Name = STEAMBOAT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 3/11/2011 4:16:42 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 3/11/2011 4:22:25 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/11/2011 4:22:33 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 2 time(s).

Error - 3/11/2011 4:22:39 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 3 time(s).

Error - 3/11/2011 4:23:07 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 3/11/2011 4:23:20 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 4 time(s).

Error - 3/11/2011 4:23:33 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 3/11/2011 4:30:17 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 3/11/2011 4:40:13 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 3/11/2011 4:48:38 PM | Computer Name = STEAMBOAT | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2


< End of report >

#12 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:33 AM

Posted 13 March 2011 - 06:10 AM

Hi Ricbear,

Thanks for that.

Step 1
Double click on OTL.exe to run it.
Copy the lines in bold below (make sure that :otl is on the first line).

:otl
SRV - (AOLService) -- File not found
SRV - (RoxLiveShare9) -- File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:commands
[emptytemp]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
There is now a newer version of Java available.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24 and save it to your desktop.
  • Scroll down to where it says "Java SE 6 Update 24".
  • Click the "Download JRE" button to the right.
  • Select 'Windows' from the Platform down arrow.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.


Step 3
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the Posted Image button.
  • Click Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology


In your next reply, please submit:
OTL fix report
ESET scan report

Also, please give me an update on the system and whether any of the original problems are still there.


Thanks.





