???.dll Not a valid windows image


This topic is locked
17 replies to this topic

#1 JohnF-jjccf

Posted 04 August 2011 - 12:41 PM

I am using a Sony Vaio GRV550 laptop, Windows XP Home Edition SP3. The computer was infected when I got it. I installed Malwarebytes, which found 75 infections in safe mode, and fixed those; installed AVG (paid version 2011), which found several viruses and quarantined them; and installed Advanced SystemCare (paid version), ran the deep scan and cleaned up those problems. Upon reboot I now get one pop-up after another, from different programs but with basically the same message: ???.dll and ???.exe is not a valid Windows image, please check against disc. I also went back to System Restore and all restore points are no longer there; I personally set restore points before I started.
I installed HijackThis and ran the program and have the following log to post.
I am really good at getting around in XP and using cleaners and virus programs, but I do not have the necessary skills to fix registry issues, which I believe has happened here. Any help I can get would be most appreciated... if I am in the right forum?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:59 AM, on 8/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "D:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299608162457
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: nusayuta.dll c:\windows\system32\dibiyowa.dll
O21 - SSODL: gemajuran - {f4625023-6e12-42b7-94da-124d8717af9c} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {f4625023-6e12-42b7-94da-124d8717af9c} - (no file)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 5838 bytes


#2 Blade81

    Bleepin' Rocker
  • Malware Response Team

Posted 11 August 2011 - 03:56 AM

Hi,


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 JohnF-jjccf

  • Topic Starter

Posted 11 August 2011 - 12:17 PM

Rocker...
Could not run DDS, so I ran random/random and the files are attached. Hope this will work; if not, please let me know. Thanks.

Attached File: log.txt (18.66 KB)
Attached File: info.txt (13.93 KB)

#4 Blade81

Posted 11 August 2011 - 11:46 PM

Hi,

Could not run dds

What happened when you tried to run the tool?


#5 JohnF-jjccf

  • Topic Starter

Posted 12 August 2011 - 07:40 AM

When I ran DDS the DOS box came up, started, and then disappeared with no results to display. I searched for the info and log file but could not find them, so I ran the tool again; the same thing happened. During the process I also get the same messages about the .dll file not being a valid Windows image. I clear those by hitting OK and then DDS started; the same thing happened when I ran random/random, but that generated the reports. I do not know how to disable the script writing thing you mentioned, which is why I ran the random tool instead.

#6 Blade81

Posted 12 August 2011 - 10:16 AM

Hi,

Please see if you're able to run this (let the default settings be). Post back the logs it created (if the run was successful).


#7 JohnF-jjccf

  • Topic Starter

Posted 12 August 2011 - 11:50 AM

Downloaded and saved to desktop. Ran it and it started a string of ###########, then stopped and the computer froze; I had to shut down. Ran it again, same thing; up came a brief message in with the #, like this: #######cannot read strings#####. Then it locked up again.

#8 Blade81

Posted 12 August 2011 - 11:53 AM

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


#9 JohnF-jjccf

  • Topic Starter

Posted 12 August 2011 - 01:32 PM

here it is:
OTL logfile created on: 8/12/2011 2:20:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ORVILLE ROBBINS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 161.32 Mb Available Physical Memory | 31.57% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.65% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.06 Gb Free Space | 27.21% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 12.87 Gb Free Space | 98.97% Space Free | Partition Type: NTFS

Computer Name: HIDELAWNO | User Name: ORVILLE ROBBINS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\atiptaxx.exe (ATI Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService) -- D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (AvgRkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WDM_YAMAHAAC97) -- C:\WINDOWS\system32\drivers\yacxgc.sys (YAMAHA CORPORATION)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (DSB650TX) -- C:\WINDOWS\system32\drivers\DSB650TX.sys (D-Link)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (wandrv) -- C:\WINDOWS\system32\drivers\wandrv.sys (America Online, Inc.)
DRV - (va32w2) -- C:\WINDOWS\System32\DRIVERS\va32w2.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (va16w2) -- C:\WINDOWS\System32\DRIVERS\va16w2.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/11 08:24:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/08 19:42:35 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: compuserve.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299608162457 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (nusayuta.dll) - C:\WINDOWS\System32\NUSAYUTA.DLL ()
O20 - AppInit_DLLs: (c:\windows\system32\dibiyowa.dll) - C:\WINDOWS\system32\DIBIYOWA.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: gemajuran - {f4625023-6e12-42b7-94da-124d8717af9c} - CLSID or File not found.
O22 - SharedTaskScheduler: {f4625023-6e12-42b7-94da-124d8717af9c} - mujuzedij - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Sony Corporation\PictureGear Studio\DSC00177.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/29 15:50:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell - "" = AutoRun
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\WINDOWS\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 14:19:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe
[2011/08/12 11:47:54 | 000,489,738 | R--- | C] (Swearware) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\dds.exe
[2011/08/11 16:41:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/11 13:03:56 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/11 13:01:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/11 12:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/08/11 12:55:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Start Menu\Programs\Administrative Tools
[2011/08/11 08:04:51 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 08:03:52 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/04 13:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\ieSpell
[2011/08/04 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/08/04 10:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Start Menu\Programs\HiJackThis
[2011/08/04 09:36:15 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/07/26 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/25 20:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\AVG
[2011/07/24 21:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/07/24 21:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/07/24 21:41:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ORVILLE ROBBINS\IECompatCache
[2011/07/24 20:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/24 19:29:35 | 000,139,776 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/07/24 17:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/07/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 17:30:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 17:27:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/12 14:19:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe
[2011/08/12 14:16:23 | 000,335,118 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/12 14:16:23 | 000,046,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/12 14:10:31 | 000,154,156 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/12 14:08:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/08/12 14:05:55 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 14:05:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 13:57:51 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 11:47:55 | 000,489,738 | R--- | M] (Swearware) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\dds.exe
[2011/08/12 09:29:47 | 127,805,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/11 17:31:14 | 000,659,715 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/08/11 13:03:03 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\RSIT.exe
[2011/08/11 09:00:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 08:24:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/07 13:26:10 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\NUSAYUTA.DLL
[2011/08/04 12:47:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Defogger.exe
[2011/08/04 10:19:03 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\HiJackThis.lnk
[2011/07/26 09:15:10 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/25 18:30:14 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\DIBIYOWA.DLL
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/24 22:21:20 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 21:57:14 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/24 21:44:21 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Login - att.net Yahoo!.url
[2011/07/24 17:43:30 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/07/24 17:43:29 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/11 13:02:54 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\RSIT.exe
[2011/08/11 08:52:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/07 13:26:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\NUSAYUTA.DLL
[2011/08/04 12:47:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Defogger.exe
[2011/08/04 10:17:11 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\HiJackThis.lnk
[2011/08/04 09:55:15 | 535,871,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/26 09:15:10 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/25 18:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\DIBIYOWA.DLL
[2011/07/24 22:49:21 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/07/24 21:57:14 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/24 21:32:01 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Login - att.net Yahoo!.url
[2011/07/24 17:43:37 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/07/24 17:43:32 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/07/24 17:43:30 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/07/24 17:43:29 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/18 17:09:55 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/04/27 22:16:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 03:50:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/11/16 03:30:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/11/16 03:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/11/16 02:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/11/16 02:29:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2008/02/07 01:13:42 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/01/30 00:14:35 | 000,000,589 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/01/30 00:14:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/01/15 19:06:15 | 000,000,280 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2007/01/15 19:05:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/13 13:49:50 | 000,001,553 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2007/01/13 13:49:49 | 000,001,097 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/01/13 13:39:53 | 000,000,398 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/01/13 13:28:22 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.dll
[2007/01/13 12:46:06 | 000,000,556 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/12 12:09:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/12 11:24:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/11 10:39:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/03/17 01:55:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/30 20:21:23 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2002/08/30 20:17:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2002/08/30 20:15:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/30 20:15:15 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/29 17:49:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/29 17:30:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PcfEdit.INI
[2002/08/29 15:59:26 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/29 15:53:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/29 15:47:48 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 15:34:46 | 003,006,312 | ---- | C] () -- C:\WINDOWS\Q323507.exe
[2002/08/29 15:34:45 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
[2002/08/29 15:34:45 | 000,208,488 | ---- | C] () -- C:\WINDOWS\Q318623.exe
[2002/08/29 15:34:44 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
[2002/08/29 15:34:44 | 000,641,640 | ---- | C] () -- C:\WINDOWS\Q318138.exe
[2002/08/29 15:34:43 | 003,080,808 | ---- | C] () -- C:\WINDOWS\Q316676.exe
[2002/08/29 15:34:43 | 003,031,400 | ---- | C] () -- C:\WINDOWS\Q316575.exe
[2002/08/29 15:34:43 | 001,189,992 | ---- | C] () -- C:\WINDOWS\Q316397.exe
[2002/08/29 15:34:42 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
[2002/08/29 15:34:42 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
[2002/08/29 15:34:42 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
[2002/08/29 15:34:42 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
[2002/08/29 15:34:42 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
[2002/08/29 15:34:42 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
[2002/08/29 15:34:42 | 000,252,520 | ---- | C] () -- C:\WINDOWS\Q311967.exe
[2002/08/29 15:34:42 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
[2002/08/29 15:34:41 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
[2002/08/29 15:34:41 | 000,517,736 | ---- | C] () -- C:\WINDOWS\Q310601.exe
[2002/08/29 15:34:41 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
[2002/08/29 15:34:41 | 000,248,424 | ---- | C] () -- C:\WINDOWS\Q311785.exe
[2002/08/29 15:34:41 | 000,170,856 | ---- | C] () -- C:\WINDOWS\Q309056.exe
[2002/08/29 15:34:40 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
[2002/08/29 15:34:40 | 000,193,128 | ---- | C] () -- C:\WINDOWS\Q308374.exe
[2002/08/29 15:34:40 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
[2002/08/29 15:34:40 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
[2002/08/29 15:34:40 | 000,148,584 | ---- | C] () -- C:\WINDOWS\Q308387.EXE
[2002/08/29 15:34:27 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/08/29 15:34:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/08/29 15:34:10 | 000,000,608 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/29 15:33:38 | 001,135,616 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2002/08/29 15:33:36 | 000,335,118 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 15:33:36 | 000,046,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 15:33:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/29 15:33:29 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/08/29 15:33:05 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2002/08/29 08:39:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/29 08:38:42 | 000,153,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#10 JohnF-jjccf

JohnF-jjccf
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:07:14 AM

Posted 12 August 2011 - 01:34 PM

2nd file:
OTL Extras logfile created on: 8/12/2011 2:20:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ORVILLE ROBBINS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 161.32 Mb Available Physical Memory | 31.57% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.65% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.06 Gb Free Space | 27.21% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 12.87 Gb Free Space | 98.97% Space Free | Partition Type: NTFS

Computer Name: HIDELAWNO | User Name: ORVILLE ROBBINS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.1
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_813C104D" = SoftK56 Data Fax
"ieSpell" = ieSpell
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Smart Defrag 2_is1" = Smart Defrag 2
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics TouchPad
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2009 11:13:20 PM | Computer Name = HIDELAWNO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
jscript.dll, version 5.6.0.8513, hang address 0x00005893.

Error - 2/13/2009 11:13:20 PM | Computer Name = HIDELAWNO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
jscript.dll, version 5.6.0.8513, hang address 0x00005893.

Error - 3/23/2009 9:03:08 PM | Computer Name = HIDELAWNO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
mshtml.dll, version 6.0.2726.2500, fault address 0x001961f2.

Error - 4/2/2009 8:02:22 PM | Computer Name = HIDELAWNO | Source = Photo Server | ID = 9001
Description =

Error - 4/2/2009 8:02:23 PM | Computer Name = HIDELAWNO | Source = VAIO Media Music Server | ID = 9001
Description =

Error - 4/2/2009 8:20:19 PM | Computer Name = HIDELAWNO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/4/2009 12:42:03 AM | Computer Name = HIDELAWNO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/5/2009 10:58:11 PM | Computer Name = HIDELAWNO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/9/2009 11:46:15 PM | Computer Name = HIDELAWNO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 4/14/2009 9:50:41 PM | Computer Name = HIDELAWNO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 6/18/2011 5:08:31 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 6/18/2011 5:09:01 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 6/18/2011 5:09:49 PM | Computer Name = HIDELAWNO | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/24/2011 4:48:48 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 7/24/2011 4:49:04 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/24/2011 4:51:34 PM | Computer Name = HIDELAWNO | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/24/2011 4:58:30 PM | Computer Name = HIDELAWNO | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00D041B9F932. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/24/2011 4:59:45 PM | Computer Name = HIDELAWNO | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00D041B9F932. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 7/24/2011 5:04:31 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 7/24/2011 5:04:59 PM | Computer Name = HIDELAWNO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >

#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:02:14 PM

Posted 13 August 2011 - 03:55 AM

Hi,

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (nusayuta.dll) - C:\WINDOWS\System32\NUSAYUTA.DLL ()
    O20 - AppInit_DLLs: (c:\windows\system32\dibiyowa.dll) - C:\WINDOWS\system32\DIBIYOWA.DLL ()
    O21 - SSODL: gemajuran - {f4625023-6e12-42b7-94da-124d8717af9c} - CLSID or File not found.
    O22 - SharedTaskScheduler: {f4625023-6e12-42b7-94da-124d8717af9c} - mujuzedij - Reg Error: Value error. File not found
    [2011/07/25 18:30:14 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\DIBIYOWA.DLL
    [2011/08/07 13:26:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\NUSAYUTA.DLL
    [2009/11/16 03:50:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
    [2009/11/16 03:30:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2009/11/16 03:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2009/11/16 02:49:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2009/11/16 02:29:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log.



Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned OTL log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
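Added example (editor's code, not from this thread and not part of OTL, ESET or any other tool named here): a small Python triage pass over OTL log lines in the shapes that appear in the OTL and Extras logs posted above (file entries under "Files Created" and the registry settings sections) and in the fix list Blade81 gave (the O20/O21/O22 entries). The point it makes concrete is why the two 20-byte DLLs mattered: the AppInit_DLLs value names libraries that Windows loads into every process that loads user32.dll, and a 20-byte file cannot be a valid PE image, so each newly started program raised the "not a valid Windows image" dialog until the value and the files were removed. The flagging rules (the 1024-byte size threshold, the system-directory prefix, the "not found" / "Reg Error" text match, the firewall check) are triage heuristics chosen for this example, not OTL behaviour; the sample lines are copied from this thread's logs.

```python
"""Triage pass over OTL log lines (added example; the heuristics are the editor's, not OTL's)."""
import re

# Line shapes copied from the OTL logs in this thread.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
OLINE_RE = re.compile(r"^O(?P<num>\d{2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')

# Heuristic settings chosen for this example (assumptions, not tool defaults).
SYSTEM_DIRS = ("c:\\windows\\",)          # covers System32 and drivers as well
PE_EXTENSIONS = (".dll", ".exe", ".sys")
MIN_PLAUSIBLE_PE_SIZE = 1024              # a 20-byte file cannot hold a PE header


def check_file_entry(m):
    """Flag PE-named files in system directories that are tiny and carry no publisher."""
    path = m["path"].lower()
    if not path.startswith(SYSTEM_DIRS) or not path.endswith(PE_EXTENSIONS):
        return None
    if m["company"].strip():
        return None                       # has a company string; leave for other checks
    size = int(m["size"].replace(",", ""))
    if size < MIN_PLAUSIBLE_PE_SIZE:
        ext = path.rsplit(".", 1)[1]
        return f"{size}-byte {ext} without publisher in a system directory"
    return None


def check_oline(m):
    """Flag persistence entries of the kinds removed in this thread."""
    num, kind, rest = m["num"], m["kind"], m["rest"]
    if num == "20" and "AppInit_DLLs" in kind:
        return "AppInit_DLLs entry (loaded into every process that loads user32.dll)"
    if num in ("21", "22") and ("not found" in rest or "Reg Error" in rest):
        return f"{kind} entry pointing at a missing CLSID or file"
    return None


def check_value(key, name, value):
    """Flag a Windows Firewall profile that is switched off."""
    if "FirewallPolicy" in key and name == "EnableFirewall" and value.strip() == "0":
        return f"Windows Firewall disabled for {key.rsplit(chr(92), 1)[-1]}"
    return None


def triage(lines):
    """Return (reason, line) pairs for every line a heuristic flags."""
    findings = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m["key"]        # registry values that follow belong to this key
            continue
        if (m := FILE_RE.match(line)):
            reason = check_file_entry(m)
        elif (m := OLINE_RE.match(line)):
            reason = check_oline(m)
        elif (m := VALUE_RE.match(line)):
            reason = check_value(current_key, m["name"], m["value"])
        else:
            reason = None
        if reason:
            findings.append((reason, line))
    return findings


# Sample input copied from the logs in this thread (a benign Microsoft file, a benign
# shortcut and a legitimately unsigned but full-size tool are included as controls).
SAMPLE_LOG = r"""
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/08/07 13:26:10 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\NUSAYUTA.DLL
[2011/07/25 18:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\DIBIYOWA.DLL
[2009/11/16 03:50:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2011/07/24 17:43:37 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/08/11 08:24:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
O20 - AppInit_DLLs: (nusayuta.dll) - C:\WINDOWS\System32\NUSAYUTA.DLL ()
O21 - SSODL: gemajuran - {f4625023-6e12-42b7-94da-124d8717af9c} - CLSID or File not found.
O22 - SharedTaskScheduler: {f4625023-6e12-42b7-94da-124d8717af9c} - mujuzedij - Reg Error: Value error. File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AVG" = AVG 2011
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{reason}]\n    {line}")
```

Run it as a script to print the findings for the embedded sample, or pass `triage()` the lines of a saved OTL.txt or Extras.txt. Files with a publisher string or above the size threshold are deliberately left alone: the rules are meant to surface candidates for a human to check against the rest of the log, not to decide on their own.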


#12 JohnF-jjccf

JohnF-jjccf
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:07:14 AM

Posted 13 August 2011 - 07:03 AM

Here is the log after reboot. No DLL errors on reboot... but I guess you knew that. :thumbup2: Will proceed to the second set of instructions.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nusayuta.dll deleted successfully.
C:\WINDOWS\system32\NUSAYUTA.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dibiyowa.dll deleted successfully.
C:\WINDOWS\system32\DIBIYOWA.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gemajuran deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4625023-6e12-42b7-94da-124d8717af9c}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f4625023-6e12-42b7-94da-124d8717af9c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4625023-6e12-42b7-94da-124d8717af9c}\ not found.
File C:\WINDOWS\System32\DIBIYOWA.DLL not found.
File C:\WINDOWS\System32\NUSAYUTA.DLL not found.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3322115 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 743465 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 135160271 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: ORVILLE ROBBINS
->Temp folder emptied: 1739756 bytes
->Temporary Internet Files folder emptied: 14999781 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 897 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181811 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49218 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1195103 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 692044 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08132011_075136

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF511F.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF51B6.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF529D.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF52AA.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF5439.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temp\~DF544E.tmp not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\RBMW91G0\CAQJS9AB. not found!
C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\LKC8QFDD\page__pid__2370184[1].htm moved successfully.
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\KPUV0LE3\fua[1]. not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\K9U3W52V\e9hfp[1]. not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\K5AZ4X2R\athensga.craigslist[1]. not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\K5AZ4X2R\a[1]. not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\4T238TQB\NWT-TONY-HAWK-SKATE-BOARD-FUN-S-6-8-SLEEPWEAR-PANTS-PJS_W0QQitemZ130199403869QQihZ003QQcategoryZ15616QQssPageNameZWDVWQQrdZ1QQcmdZViewItem[1]. not found!
File\Folder C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Temporary Internet Files\Content.IE5\0H6JOTEF\ele[1]. not found!

Registry entries deleted on Reboot...

#13 JohnF-jjccf

JohnF-jjccf
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:07:14 AM

Posted 13 August 2011 - 09:44 AM

Okay, here is the file from the online scan:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9a229e396f23da409fdda1b09ba07376
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-13 01:46:20
# local_time=2011-08-13 09:46:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 98 0 56295015 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41310
# found=2
# cleaned=0
# scan_time=4316
C:\Documents and Settings\ORVILLE ROBBINS\DoctorWeb\Quarantine\A0015174.exe a variant of Win32/Adware.Gamevance.AC application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\ORVILLE ROBBINS\DoctorWeb\Quarantine\gvun.exe a variant of Win32/Adware.Gamevance.AC application (unable to clean) 00000000000000000000000000000000 I



Could not run DDS; the same thing happened: it ran and locked up, and I had to reboot. I ran the scan again for OTL and here are those results:
OTL logfile created on: 8/13/2011 10:20:14 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ORVILLE ROBBINS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 129.07 Mb Available Physical Memory | 25.26% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.79% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 3.88 Gb Free Space | 25.95% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 12.87 Gb Free Space | 98.97% Space Free | Partition Type: NTFS

Computer Name: HIDELAWNO | User Name: ORVILLE ROBBINS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\atiptaxx.exe (ATI Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService) -- D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (AvgRkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WDM_YAMAHAAC97) -- C:\WINDOWS\system32\drivers\yacxgc.sys (YAMAHA CORPORATION)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (DSB650TX) -- C:\WINDOWS\system32\drivers\DSB650TX.sys (D-Link)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (wandrv) -- C:\WINDOWS\system32\drivers\wandrv.sys (America Online, Inc.)
DRV - (va32w2) -- C:\WINDOWS\System32\DRIVERS\va32w2.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (va16w2) -- C:\WINDOWS\System32\DRIVERS\va16w2.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http:www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/11 08:24:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/08 19:42:35 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: compuserve.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299608162457 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Sony Corporation\PictureGear Studio\DSC00177.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/29 15:50:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell - "" = AutoRun
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56e04b80-479a-11e0-a4ce-00d041b9f932}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\WINDOWS\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 08:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/13 08:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/13 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Application Data\Solid State Networks
[2011/08/13 08:05:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/13 07:51:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/12 14:19:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe
[2011/08/12 11:47:54 | 000,489,738 | R--- | C] (Swearware) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\dds.exe
[2011/08/11 16:41:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/11 13:03:56 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/11 13:01:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/11 12:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/08/11 12:55:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Start Menu\Programs\Administrative Tools
[2011/08/11 08:04:51 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 08:03:52 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/04 13:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\ieSpell
[2011/08/04 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/08/04 10:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Start Menu\Programs\HiJackThis
[2011/08/04 09:36:15 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/07/26 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/25 20:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\AVG
[2011/07/24 21:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/07/24 21:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/07/24 21:41:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ORVILLE ROBBINS\IECompatCache
[2011/07/24 20:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/24 19:29:35 | 000,139,776 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/07/24 17:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/07/24 17:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/24 17:30:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/24 17:27:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

========== Files - Modified Within 30 Days ==========

[2011/08/13 10:08:06 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/08/13 10:07:16 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/13 10:07:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/13 10:07:11 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/13 08:16:40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/13 05:32:18 | 127,946,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/12 17:30:43 | 000,154,155 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/12 14:19:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\OTL.exe
[2011/08/12 14:16:23 | 000,335,118 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/12 14:16:23 | 000,046,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/12 11:47:55 | 000,489,738 | R--- | M] (Swearware) -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\dds.exe
[2011/08/11 17:31:14 | 000,659,715 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/08/11 13:03:03 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\RSIT.exe
[2011/08/11 09:00:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 08:24:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/04 12:47:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Defogger.exe
[2011/08/04 10:19:03 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\HiJackThis.lnk
[2011/07/26 09:15:10 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/24 22:21:20 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/24 21:57:14 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/24 21:44:21 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Login - att.net Yahoo!.url
[2011/07/24 17:43:30 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/07/24 17:43:29 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

========== Files Created - No Company Name ==========

[2011/08/13 08:16:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/13 08:16:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/11 13:02:54 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\RSIT.exe
[2011/08/11 08:52:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/04 12:47:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Defogger.exe
[2011/08/04 10:17:11 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\HiJackThis.lnk
[2011/08/04 09:55:15 | 535,871,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/26 09:15:10 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/24 22:49:21 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_AutoSweep.job
[2011/07/24 21:57:14 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/07/24 21:57:09 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/07/24 21:32:01 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Desktop\Login - att.net Yahoo!.url
[2011/07/24 17:43:37 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/07/24 17:43:32 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/07/24 17:43:30 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/07/24 17:43:29 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/18 17:09:55 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/04/27 22:16:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\ORVILLE ROBBINS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/07 01:13:42 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/01/30 00:14:35 | 000,000,589 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/01/30 00:14:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/01/15 19:06:15 | 000,000,280 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2007/01/15 19:05:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/13 13:49:50 | 000,001,553 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2007/01/13 13:49:49 | 000,001,097 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/01/13 13:39:53 | 000,000,398 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/01/13 13:28:22 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.dll
[2007/01/13 12:46:06 | 000,000,556 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/12 12:09:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/12 11:24:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/11 10:39:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/03/17 01:55:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/30 20:21:23 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2002/08/30 20:17:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2002/08/30 20:15:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/30 20:15:15 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/29 17:49:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/29 17:30:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PcfEdit.INI
[2002/08/29 15:59:26 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/29 15:53:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/29 15:47:48 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 15:34:46 | 003,006,312 | ---- | C] () -- C:\WINDOWS\Q323507.exe
[2002/08/29 15:34:45 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
[2002/08/29 15:34:45 | 000,208,488 | ---- | C] () -- C:\WINDOWS\Q318623.exe
[2002/08/29 15:34:44 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
[2002/08/29 15:34:44 | 000,641,640 | ---- | C] () -- C:\WINDOWS\Q318138.exe
[2002/08/29 15:34:43 | 003,080,808 | ---- | C] () -- C:\WINDOWS\Q316676.exe
[2002/08/29 15:34:43 | 003,031,400 | ---- | C] () -- C:\WINDOWS\Q316575.exe
[2002/08/29 15:34:43 | 001,189,992 | ---- | C] () -- C:\WINDOWS\Q316397.exe
[2002/08/29 15:34:42 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
[2002/08/29 15:34:42 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
[2002/08/29 15:34:42 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
[2002/08/29 15:34:42 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
[2002/08/29 15:34:42 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
[2002/08/29 15:34:42 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
[2002/08/29 15:34:42 | 000,252,520 | ---- | C] () -- C:\WINDOWS\Q311967.exe
[2002/08/29 15:34:42 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
[2002/08/29 15:34:41 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
[2002/08/29 15:34:41 | 000,517,736 | ---- | C] () -- C:\WINDOWS\Q310601.exe
[2002/08/29 15:34:41 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
[2002/08/29 15:34:41 | 000,248,424 | ---- | C] () -- C:\WINDOWS\Q311785.exe
[2002/08/29 15:34:41 | 000,170,856 | ---- | C] () -- C:\WINDOWS\Q309056.exe
[2002/08/29 15:34:40 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
[2002/08/29 15:34:40 | 000,193,128 | ---- | C] () -- C:\WINDOWS\Q308374.exe
[2002/08/29 15:34:40 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
[2002/08/29 15:34:40 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
[2002/08/29 15:34:40 | 000,148,584 | ---- | C] () -- C:\WINDOWS\Q308387.EXE
[2002/08/29 15:34:27 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/08/29 15:34:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/08/29 15:34:10 | 000,000,608 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/29 15:33:38 | 001,135,616 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2002/08/29 15:33:36 | 000,335,118 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 15:33:36 | 000,046,848 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 15:33:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/29 15:33:29 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2002/08/29 15:33:05 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2002/08/29 08:39:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/29 08:38:42 | 000,153,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#14 Blade81

  • Malware Response Team
  • Location:Finland

Posted 13 August 2011 - 10:05 AM

Hi,

Delete ESET findings.


Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing them. This is the only way to clean these files; you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
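The six Internet Explorer settings in the post above are stored as numeric "action" values under the Internet zone key (zone 3), so the hardening can be checked without clicking through the dialog. The following script is an added example, not code from the thread or from any of the tools it mentions: it audits the current user's zone 3 values against the recommended levels (Prompt or Disable) and reports anything weaker or missing. Assumptions: the action IDs and their meanings (1001, 1004, 1201, 1800, 1804, 1607; 0 = Enable, 1 = Prompt, 3 = Disable) follow Microsoft KB 182569; reading the live registry needs Windows (`winreg`), while the comparison logic is plain Python and runs anywhere on the constructed sample included below.

```python
"""Audit IE Internet-zone (zone 3) settings against the hardened values from the post."""

# Action levels used by IE zone settings (Microsoft KB 182569).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Registry value name -> (description, recommended level), in the order the post lists them.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Per-user key for the Internet zone; HKLM holds the machine-wide copy.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"


def evaluate(current):
    """Return findings for every setting that is missing or weaker than recommended.

    `current` maps value names ("1001", ...) to the integer stored in the registry,
    or None when the value is absent. Since Enable < Prompt < Disable numerically,
    a value that is >= the recommended level is at least as strict and passes.
    """
    findings = []
    for name, (description, want) in RECOMMENDED.items():
        have = current.get(name)
        if not isinstance(have, int) or have < want:
            findings.append({"value": name, "setting": description,
                             "current": have, "recommended": want})
    return findings


def describe(findings):
    """Render findings as human-readable lines."""
    lines = []
    for f in findings:
        cur = f["current"]
        cur_label = LABEL.get(cur, "not set" if cur is None else str(cur))
        lines.append(f"{f['setting']}: currently {cur_label}, "
                     f"recommended {LABEL[f['recommended']]}")
    return lines


def read_zone_from_registry(per_user=True):
    """Read the six values from the live registry (Windows only; assumption: winreg is present)."""
    import winreg  # raises ImportError on non-Windows platforms
    root = winreg.HKEY_CURRENT_USER if per_user else winreg.HKEY_LOCAL_MACHINE
    current = {}
    with winreg.OpenKey(root, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                value, _kind = winreg.QueryValueEx(key, name)
                current[name] = value
            except FileNotFoundError:
                current[name] = None  # value absent: treated as a finding
    return current


# Constructed sample of a weakened zone (not taken from the thread's logs):
# signed/unsigned ActiveX download enabled, cross-domain sub-frames enabled,
# IFRAME launch value absent, the other two already at the recommended level.
SAMPLE_WEAK = {"1001": ENABLE, "1004": ENABLE, "1201": DISABLE,
               "1800": PROMPT, "1607": ENABLE}

# Constructed sample matching the post's recommendations exactly.
SAMPLE_HARDENED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
                   "1800": PROMPT, "1804": PROMPT, "1607": PROMPT}


if __name__ == "__main__":
    try:
        current = read_zone_from_registry()
    except (ImportError, OSError):
        print("Live registry unavailable; evaluating the constructed sample instead.")
        current = SAMPLE_WEAK
    report = describe(evaluate(current))
    print("\n".join(report) if report else "All six settings meet the recommended level.")
```

Run it from an elevated or normal prompt on the machine being checked; an empty report means the Internet zone is at least as strict as the post recommends, and each reported line names the dialog entry to change. Checking the HKLM copy as well (`read_zone_from_registry(per_user=False)`) is useful where a policy forces machine-wide zone settings.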


#15 JohnF-jjccf


Posted 13 August 2011 - 11:15 AM

Okay, all instructions have been followed. Updates are finished with MS. Secunia aborts after scanning for three seconds. Don't know why that happens...may have to reinstall it and try again. Were those two problems the online scan found fixed? Everything seems to be running okay other than that. I do appreciate all of your help; I would not have been able to do this!



