Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Had windows repair virus ran combo log after being told to by friend


  • This topic is locked This topic is locked
8 replies to this topic

#1 Lxvaier

Lxvaier

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 23 April 2011 - 04:18 AM

Had the windows repair virus and think I got rid of. Afterwords had a browser hijack that I think I got rid of. Ran combofix log before I found site as told by friend. Want to double check that all is gone. I had to uninstall AVG to get some of the scans to work yesterday but will reinstall if it is OK to do so. Computer seems to be slow since I got rid of Windows repair virus. I am also posting combo log.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by owner at 1:58:57.10 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1046 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\svchost.exe -k DComLaunch
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Compal\Smart Battery\SMBTray.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\owner\Desktop\dds.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SMBTray] c:\program files\compal\smart battery\SMBTray.exe
mRun: [Wow Video&Audio] c:\program files\compal\wow video&audio\WVAMain.exe
mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe
mRun: [DT LGE] c:\program files\portrait displays\fortemanager\DTHtml.exe -startup_folder
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281198589796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0c7efyah.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 10\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2010-8-7 9856]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-20 64512]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-18 2146496]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-31 68928]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-1-6 13312]
S2 Anyplace Control Security;Anyplace Control Security;c:\documents and settings\all users\anyplace control 4\svcadmin.exe [2009-12-16 113152]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-3-10 4051824]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== File Associations ===============
.
.reg=reg_auto_file
.txt=
.
=============== Created Last 30 ================
.
2011-04-23 06:51:14 -------- d-----w- C:\back
2011-04-23 06:49:39 -------- d-----w- c:\windows\system32\NtmsData
2011-04-23 06:39:24 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Secunia PSI
2011-04-23 06:31:04 -------- d-----w- c:\program files\Secunia
2011-04-23 04:39:48 -------- d-----w- c:\program files\iPod
2011-04-23 04:36:23 -------- d-----w- c:\program files\Bonjour
2011-04-22 06:49:47 -------- d-sha-r- C:\cmdcons
2011-04-22 06:37:17 89088 ----a-w- c:\windows\MBR.exe
2011-04-22 06:37:17 256512 ----a-w- c:\windows\PEV.exe
2011-04-22 06:37:16 161792 ----a-w- c:\windows\SWREG.exe
2011-04-22 06:37:15 98816 ----a-w- c:\windows\sed.exe
2011-04-21 04:22:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-21 04:22:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-21 04:18:36 -------- d-----w- c:\docume~1\owner\applic~1\Foxit Software
2011-04-21 04:13:13 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-21 04:13:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-21 04:11:16 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-04-21 04:11:12 -------- d-----w- c:\program files\VS Revo Group
2011-04-21 04:09:10 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-21 04:08:48 -------- d-----w- c:\program files\Lavasoft
2011-04-20 15:13:55 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-20 15:13:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 15:13:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-20 15:13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 08:21:42 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-04-20 08:21:10 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-04-20 08:21:09 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-04-20 08:21:09 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-04-20 08:21:09 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-04-20 08:19:38 28672 ----a-w- c:\program files\messenger\custsat.dll
2011-04-19 06:47:56 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-10 23:47:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-10 23:47:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-10 23:26:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\aGg31002lDeGb31002
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 17:00:01 -------- d-----w- c:\program files\common files\Motorola Shared
2011-04-03 19:26:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2011-04-03 19:25:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Citrix
2011-04-03 19:25:52 -------- d-----w- c:\docume~1\owner\applic~1\ICAClient
2011-04-03 19:25:38 -------- d-----w- c:\program files\Citrix
2011-03-25 00:03:37 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-25 00:03:37 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-25 00:03:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-25 00:02:57 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-25 00:00:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-24 17:22:34 -------- d-----w- c:\windows\system32\scripting
2011-03-24 17:22:34 -------- d-----w- c:\windows\system32\en
2011-03-24 17:22:34 -------- d-----w- c:\windows\l2schemas
2011-03-24 17:22:33 -------- d-----w- c:\windows\system32\bits
2011-03-24 17:18:23 -------- d-----w- c:\windows\network diagnostic
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-31 17:01:28 68928 ----a-w- c:\windows\system32\NLSSRV32.EXE
2011-01-31 16:59:24 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-01-31 16:59:22 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 2:01:50.01 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 PM

Posted 01 May 2011 - 08:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Lxvaier

Lxvaier
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 01 May 2011 - 02:12 PM

I am running Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation 32 bit and I do have the windows cd.
thanks

OTL logfile created on: 5/1/2011 2:01:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 48.85 Gb Free Space | 43.70% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 14:00:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2011/04/27 03:11:30 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/16 17:38:54 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/04/16 17:38:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/03/10 19:02:14 | 004,051,824 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2011/01/31 12:01:28 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/12/16 12:45:48 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\All Users\Anyplace Control 4\svcadmin.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/10 13:01:26 | 000,634,880 | R--- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/05/03 19:51:06 | 000,951,856 | ---- | M] () -- C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
PRC - [2007/05/03 16:22:02 | 000,525,872 | ---- | M] (Compal Electronics, Inc.) -- C:\Program Files\Compal\Smart Battery\SMBTray.exe
PRC - [2007/04/23 20:55:30 | 000,190,000 | ---- | M] (Compal Electronics, Inc.) -- C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
PRC - [2007/01/12 18:38:38 | 000,118,784 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2007/01/12 18:38:00 | 000,286,208 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\forteManager\dthtml.exe
PRC - [2007/01/12 18:36:12 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/01/12 18:36:04 | 000,106,496 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 14:00:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/10 19:02:14 | 004,051,824 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/01/31 12:01:28 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/12/16 12:45:48 | 000,113,152 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Anyplace Control 4\svcadmin.exe -- (Anyplace Control Security)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/12 18:38:38 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2007/01/12 18:36:12 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/18 19:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/27 15:19:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/06 22:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/29 15:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/10 13:01:46 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/10 13:01:26 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2007/08/10 13:01:24 | 000,027,776 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ktp.sys -- (Ktp)
DRV - [2007/04/30 05:37:20 | 002,206,976 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/03/14 12:16:40 | 000,009,856 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/16 19:31:40 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2006/11/16 19:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1343024091-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:37:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/04/22 16:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2011/04/23 05:14:03 | 000,000,000 | ---D | M]

[2010/08/07 11:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2011/05/01 01:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\0c7efyah.default\extensions
[2010/10/09 15:46:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\0c7efyah.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 00:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/29 16:09:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/10 22:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/23 05:16:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/23 05:17:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/10 22:09:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-287218729-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281198589796 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/07 12:20:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 14:00:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2011/04/23 05:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/23 05:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/23 05:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/23 05:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/23 05:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/04/23 05:17:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/23 05:17:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/23 05:17:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/23 05:17:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/23 05:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\vlc
[2011/04/23 05:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/23 01:51:14 | 000,000,000 | ---D | C] -- C:\back
[2011/04/23 01:49:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/23 01:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Secunia PSI
[2011/04/23 01:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Secunia PSI
[2011/04/23 01:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/04/22 23:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/22 23:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/22 23:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/22 16:43:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/22 01:49:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/22 01:37:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/22 01:37:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/22 01:37:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/22 01:37:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/22 01:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/22 00:56:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 00:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/20 23:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/20 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/20 23:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/20 23:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Foxit Software
[2011/04/20 23:13:13 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/20 23:13:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/20 23:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Sunbelt Software
[2011/04/20 23:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/20 23:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Revo Uninstaller
[2011/04/20 23:09:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011/04/20 23:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/20 23:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/04/20 23:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/20 10:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2011/04/20 10:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 10:13:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/20 10:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 10:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 10:10:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Recent
[2011/04/20 01:48:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/19 01:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/10 18:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aGg31002lDeGb31002
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/04/04 12:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/04/04 12:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola
[2011/04/03 14:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/03 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\ICAClient
[2011/04/03 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Citrix
[2011/04/03 14:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/04/03 14:24:43 | 014,108,096 | ---- | C] (Citrix Systems, Inc.) -- C:\Documents and Settings\owner\My Documents\CitrixOnlinePluginWeb.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 14:00:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2011/04/30 12:39:17 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/30 12:37:31 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/30 12:34:16 | 000,433,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 12:34:16 | 000,068,232 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 12:31:25 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 12:31:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/30 12:29:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 12:29:43 | 000,004,688 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\WVAProp.xml
[2011/04/30 12:29:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/23 06:25:43 | 000,022,036 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/23 05:16:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/23 05:16:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/23 05:16:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/23 05:16:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/23 05:16:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/23 05:11:57 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/23 01:56:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\owner\defogger_reenable
[2011/04/23 01:55:53 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\dds.exe
[2011/04/23 01:31:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/22 23:40:41 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/22 18:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/22 01:49:51 | 000,000,329 | RHS- | M] () -- C:\boot.ini
[2011/04/22 01:43:07 | 004,326,544 | R--- | M] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2011/04/22 00:47:02 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ebd3cqoh.exe
[2011/04/20 23:22:25 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 23:22:25 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/20 23:13:05 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/20 23:11:12 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Revo Uninstaller.lnk
[2011/04/20 23:09:08 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/20 23:09:08 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/20 22:53:21 | 000,000,213 | ---- | M] () -- C:\Boot.bak
[2011/04/20 10:13:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 10:03:02 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\rkill.exe
[2011/04/20 01:44:46 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\owner\ntuser.pol
[2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/18 18:16:07 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19521332
[2011/04/18 18:14:33 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/18 18:14:33 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/13 08:28:26 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 07:28:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/04/03 14:24:55 | 014,108,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\owner\My Documents\CitrixOnlinePluginWeb.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 12:37:31 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/23 05:14:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/23 05:11:57 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/23 01:56:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\defogger_reenable
[2011/04/23 01:55:50 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\dds.exe
[2011/04/23 01:31:09 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/23 01:31:09 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/04/22 23:40:41 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/22 01:49:51 | 000,000,213 | ---- | C] () -- C:\Boot.bak
[2011/04/22 01:49:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/22 01:37:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/22 01:37:17 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/22 01:37:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 01:37:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/22 01:37:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/22 00:53:42 | 004,326,544 | R--- | C] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2011/04/22 00:47:05 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\ebd3cqoh.exe
[2011/04/20 23:22:25 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/20 23:22:25 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/04/20 23:13:36 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 23:13:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/20 23:13:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/20 23:11:12 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Revo Uninstaller.lnk
[2011/04/20 23:09:08 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/20 23:09:08 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/20 10:13:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 10:08:14 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\rkill.exe
[2011/04/20 01:44:46 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\owner\ntuser.pol
[2011/04/18 18:14:33 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/18 18:14:32 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/18 18:14:29 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19521332
[2011/03/25 09:17:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/29 14:21:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/29 14:21:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/01/29 14:21:42 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/29 14:21:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/29 14:21:42 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/29 14:19:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/11/26 18:26:27 | 000,022,036 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/13 16:26:41 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/17 18:57:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\twain.dat
[2010/08/22 20:17:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/08 10:06:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\prvlcl.dat
[2010/08/07 13:21:18 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 12:36:39 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2010/08/07 12:36:39 | 000,009,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSC.sys
[2010/08/07 12:33:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/08/07 12:33:02 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtMicAr.dat
[2010/08/07 12:32:00 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/08/07 12:32:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/07 12:23:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 12:17:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/07 10:59:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/07 05:10:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/07 05:09:10 | 000,132,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2006/09/26 19:00:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/09/26 19:00:02 | 000,005,646 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,433,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,068,232 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/02 07:58:10 | 000,000,461 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9812B773

< End of report >

OTL Extras logfile created on: 5/1/2011 2:01:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 48.85 Gb Free Space | 43.70% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MediaMall\MediaMallServer.exe" = C:\Program Files\MediaMall\MediaMallServer.exe:*:Enabled:MediaMall Server -- (MediaMall Technologies, Inc.)
"C:\Program Files\GigaTribe\gigatribe.exe" = C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1883A84D-94AA-432C-9519-FA31B6B118B9}" = forteManager
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{211C21DD-8C39-4BED-99DF-11BFDAFD3624}" = PlayOn
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"CamStudio" = CamStudio
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CodInstl" = Intel A/V Codecs V2.0
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Elantech" = KTP Ware PS/2-x86 5.0.3.13
"ExtractNow_is1" = ExtractNow
"File Shredder_is1" = File Shredder 2.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PdaNet_is1" = PdaNet for Android 2.45
"RealAlt_is1" = Real Alternative 2.0.2
"Revo Uninstaller" = Revo Uninstaller 1.92
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"ShalSoft.GigaTribe_is1" = GigaTribe 3.01.006
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only)
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebcamMax" = WebcamMax
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 PM

Posted 01 May 2011 - 05:23 PM

Hi,

the logs are looking pretty good. There are some leftovers, please run this script to remove them:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2011/04/18 18:14:33 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
    [2011/04/18 18:14:32 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
    [2011/04/18 18:14:29 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19521332
    [2011/04/10 18:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aGg31002lDeGb31002
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Lxvaier

Lxvaier
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 01 May 2011 - 05:34 PM

Thanks for the help. Here is the log.

========== OTL ==========
C:\Documents and Settings\All Users\Application Data\~19521332r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19521332 moved successfully.
C:\Documents and Settings\All Users\Application Data\19521332 moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\aGg31002lDeGb31002\ not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05012011_173404

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 PM

Posted 02 May 2011 - 05:06 AM

Hi,

pleaser run a new update scan with malwarebytes. How is the PC doing, still slow?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Lxvaier

Lxvaier
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 03 May 2011 - 01:15 AM

Will do.
Seems to be working fine.

Thanks

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 PM

Posted 03 May 2011 - 04:24 PM

Great, let me know if it finds anything.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,767 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 PM

Posted 12 May 2011 - 10:26 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users