Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unknown virus, infection, ?


  • This topic is locked This topic is locked
17 replies to this topic

#1 jimvt

jimvt

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 17 April 2012 - 01:15 PM

For several days I have been unable to remove ANY Adobe products, i.e., Updater, Reader, Acrobat.com, Flash Player etc, also Google Earth and a few others. They will disappear after using Win XP Add/Remove but after reboot...there they are again! I've tried MBAM, Win. Security Essentials, Revo to no avail. No messages received on screen.


Hope someone can help.

Thanks in advance.

Jim D.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Owner at 10:00:07 on 2012-04-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.408 [GMT -4:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Fighters\SPAMfighter\sfus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Fighters\FighterSuiteService.exe
C:\WINDOWS\system32\imapi.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Defogger.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Plugin for Media Finder: {ad4df010-e2fd-43ce-864a-6bd1edc59ac2} - c:\documents and settings\owner\application data\media finder\extensions\IEPlugin32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Inspector] c:\documents and settings\owner\application data\Protector-xmwn.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [sfagent] c:\program files\fighters\spamfighter\sfagent.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [CommonToolkitTray] c:\program files\fighters\tray\FightersTray.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: Download with &Media Finder
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: champlainvalleycu.com\www
Trusted Zone: firefox
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: mozilla
Trusted Zone: msn.com
Trusted Zone: stormofaces.com\www
Trusted Zone: youtube.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268514906265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: DfLogon - LogonDll.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: mcmpeng.exe - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\5xustack.jimvt\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-10-25 131472]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\spamfighter\sfus.exe [2012-2-2 215688]
R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2012-1-23 1324680]
S0 qpeaujk;qpeaujk; [x]
S1 gawhnqom;gawhnqom; [x]
S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2010-9-14 11392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 cpuz132;cpuz132; [x]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-12 23456]
S3 dump_wmimmc;dump_wmimmc; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-22 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [2011-4-13 7168]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2010-6-15 19024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-17 13:29:16 -------- d-----w- c:\program files\Support Tools
2012-04-17 11:02:15 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-17 10:59:50 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb528fd0-b88c-4bb4-9400-7e852cf06bf6}\mpengine.dll
2012-04-02 16:01:42 16300032 ------w- C:\Persi0.sys
2012-04-02 16:01:39 65536 ----a-w- c:\windows\system32\LogonDll.dll
2012-04-02 16:01:30 -------- d-----w- c:\program files\Faronics
2012-04-02 15:54:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 09:15:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-31 17:49:37 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2012-03-25 21:29:05 -------- d-----w- c:\documents and settings\owner\application data\Media Finder
2012-03-25 21:28:28 -------- d-----w- c:\program files\Media Finder
2012-03-23 14:45:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 20:08:01 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 20:08:01 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-03-23 14:44:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-05 14:35:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-03-26 01:39:40 40960 ----a-w- c:\program files\PPSFix.exe
2008-10-20 19:13:44 1820 ------w- c:\program files\IE80Blocker.cmd
.
============= FINISH: 10:01:17.07 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 20 April 2012 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:[list]
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Please post the logs and let me know what problem persists.

#3 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 20 April 2012 - 11:38 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME-N4TTGLLC4R [administrator]

4/20/2012 11:55:28 AM
mbam-log-2012-04-20 (11-55-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201566
Time elapsed: 20 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Here is the MBAM...had to remove Windows Essentials and MBAM...now doing ComboFix...btw Win. Ess.had a popup that said it found something but then the popup disappeared.

#4 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 20 April 2012 - 06:57 PM

OK...drop me a line when you can!

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 21 April 2012 - 09:19 AM

Can I see the ComboFix log?

#6 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 21 April 2012 - 09:53 AM

Hello, nasdaq......I thought I sent it and now I can't find C:\ComboFix.txt...so I'll run it again and get it to you.

Thanks,

JD

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 22 April 2012 - 08:28 AM

Let try this tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#8 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 22 April 2012 - 09:20 AM

OTL logfile created on: 4/22/2012 9:45:58 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.49 Mb Total Physical Memory | 556.65 Mb Available Physical Memory | 54.82% Memory free
1.64 Gb Paging File | 1.33 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.14 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive E: | 3.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-N4TTGLLC4R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe (Faronics Corporation)
PRC - C:\Program Files\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
PRC - C:\Program Files\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
PRC - C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Fighters\SPAMfighter\sfse.dll ()
MOD - C:\Program Files\Fighters\SPAMfighter\sfsg.dll ()
MOD - C:\WINDOWS\system32\LogonDll.dll ()
MOD - C:\WINDOWS\system32\P17.dll ()


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (ACDaemon) -- File not found
SRV - (SPAMfighter Update Service) -- C:\Program Files\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (Suite Service) -- C:\Program Files\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DF5Serv) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (qpeaujk) -- File not found
DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (gawhnqom) -- File not found
DRV - (dump_wmimmc) -- File not found
DRV - (cpuz132) -- File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (uti3otqy) -- C:\WINDOWS\system32\drivers\uti3otqy.sys ()
DRV - (RemoveAny) -- C:\WINDOWS\system32\drivers\RemoveAny.sys (HeavenWard)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (DeepFrz) -- C:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (hidgame) -- C:\WINDOWS\system32\drivers\hidgame.sys (Microsoft Corporation)
DRV - (ntgrip) -- C:\WINDOWS\system32\drivers\ntgrip.sys (Kensington Technology Group)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 DB A4 6F 94 0A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 16:08:02 | 000,000,000 | ---D | M]

[2011/06/25 10:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/04/22 08:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\extensions
[2012/04/22 08:36:37 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\extensions\anttoolbar@ant.com
[2011/12/03 13:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a77eofet.default\extensions
[2012/04/02 11:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/23 10:45:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/18 16:08:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/02 17:09:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 10:31:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/10 11:50:39 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\Owner\Application Data\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Inspector] C:\Documents and Settings\Owner\Application Data\Protector-xmwn.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/09 10:11:03 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: champlainvalleycu.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: firefox ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mozilla ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268514906265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\mcmpeng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/08 11:38:39 | 025,409,024 | R--- | M] () - E:\AUTOBIOGRAPHY OF.doc -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 06:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/22 06:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/02 12:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Faronics
[2012/04/02 11:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/02 11:54:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 05:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/31 13:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic - Home Cinema
[2012/03/31 13:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2012/03/25 17:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
[2012/03/25 17:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Finder
[2012/03/25 17:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder
[2012/03/23 10:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/23 10:45:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/23 10:45:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/23 10:45:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/23 10:45:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/23 09:55:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 09:44:30 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk
[2012/04/22 09:17:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 06:33:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 06:27:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/22 06:22:31 | 016,300,032 | ---- | M] () -- C:\Persi0.sys
[2012/04/22 06:21:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/02 11:54:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 11:27:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/02 05:22:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/02 05:05:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstet.dat
[2012/04/01 17:16:05 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2012/03/31 13:49:53 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic - Home Cinema.lnk
[2012/03/31 13:23:35 | 000,373,099 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31374.jpg
[2012/03/31 13:22:44 | 000,397,641 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31373.jpg
[2012/03/31 13:21:52 | 000,452,050 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31372.jpg
[2012/03/31 13:20:57 | 000,317,869 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31371.jpg
[2012/03/31 12:10:46 | 000,393,842 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31369.jpg
[2012/03/31 12:09:55 | 000,451,153 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31368.jpg
[2012/03/31 12:09:03 | 000,329,071 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31367.jpg
[2012/03/31 11:44:37 | 000,538,417 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March31366.jpg
[2012/03/30 14:28:46 | 000,585,713 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Takahashi354.jpg
[2012/03/27 13:14:03 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk
[2012/03/23 12:49:28 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/03/23 10:44:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/23 10:44:02 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/23 10:44:02 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/23 10:44:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/23 10:44:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 09:44:30 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.exe.lnk
[2012/04/02 12:01:42 | 016,300,032 | ---- | C] () -- C:\Persi0.sys
[2012/04/02 12:01:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2012/04/02 11:54:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 05:21:24 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/02 05:16:00 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/31 13:49:53 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic - Home Cinema.lnk
[2012/03/31 13:23:35 | 000,373,099 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31374.jpg
[2012/03/31 13:22:44 | 000,397,641 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31373.jpg
[2012/03/31 13:21:52 | 000,452,050 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31372.jpg
[2012/03/31 13:20:57 | 000,317,869 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31371.jpg
[2012/03/31 12:10:46 | 000,393,842 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31369.jpg
[2012/03/31 12:09:55 | 000,451,153 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31368.jpg
[2012/03/31 12:08:59 | 000,329,071 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31367.jpg
[2012/03/31 11:44:35 | 000,538,417 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\March31366.jpg
[2012/03/30 14:28:42 | 000,585,713 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Takahashi354.jpg
[2012/03/28 09:36:11 | 000,247,975 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Daley-Fowler
[2012/02/15 07:53:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9481
[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2631
[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548
[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1477
[2012/02/14 14:25:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0359
[2012/02/04 12:26:03 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to clipbrd.exe.lnk
[2012/01/30 12:40:58 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/01/26 15:10:33 | 000,206,293 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2012/01/26 15:10:33 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2012/01/21 22:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 20:53:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 20:45:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2012/01/19 17:04:41 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/19 17:04:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/19 17:04:41 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/19 17:04:41 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/19 17:04:41 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/19 17:04:41 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/19 17:04:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/19 17:04:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/19 17:04:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/19 17:04:41 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/19 17:04:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/19 17:04:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/19 17:04:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/19 17:04:40 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/19 17:04:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/12/27 09:47:07 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/12/26 12:16:38 | 000,207,256 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp
[2011/12/26 10:38:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2011/10/15 13:30:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011/10/15 09:01:53 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/30 10:27:46 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2011/09/30 10:27:46 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/09/07 16:03:53 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2011/05/23 07:38:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Instruments
[2011/05/23 07:38:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Rule Actions
[2011/05/23 07:38:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/05/11 14:37:37 | 000,132,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 14:35:35 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2011/04/13 10:53:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti3otqy.sys
[2011/03/16 09:32:40 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/07 12:12:08 | 000,000,006 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\date
[2011/03/07 12:12:08 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\evf6
[2010/09/24 15:40:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/06/22 14:12:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/13 20:17:50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

========== LOP Check ==========

[2011/01/09 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/22 09:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/23 10:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/05/23 07:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2012/02/11 14:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/12/19 09:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/02/08 09:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2011/05/11 08:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/05/23 07:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/10/15 08:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/23 07:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2011/12/09 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/23 07:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/11/09 17:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2012/01/24 11:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/02/11 14:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2012/02/08 09:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fighters
[2011/05/11 14:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free PDF to Word Converter
[2012/01/27 07:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genie-Soft
[2012/02/14 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Imagic505N
[2010/10/12 09:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2012/01/19 20:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2012/03/25 17:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Finder
[2011/05/23 07:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2012/01/18 13:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PolyView
[2012/04/22 06:27:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-14 14:38:32

< MD5 for: AGP440.SYS >
[2010/03/13 17:58:19 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/13 17:58:19 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2010/03/13 17:58:19 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2010/03/13 17:58:19 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/05/13 21:57:11 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\ATAPI.SYS
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2002/08/29 08:00:00 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=C29EA308913FEC2AF4F977EF718A3574 -- C:\WINDOWS\I386\AUTOCHK.EXE

< MD5 for: BEEP.SYS >
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: KERNEL32.DLL >
[2006/07/05 06:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2009/03/21 09:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 06:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 00:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2002/08/29 08:00:00 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\WINDOWS\I386\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 20:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: XMLPROV.DLL >
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >
OTL Extras logfile created on: 4/22/2012 9:45:58 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.49 Mb Total Physical Memory | 556.65 Mb Available Physical Memory | 54.82% Memory free
1.64 Gb Paging File | 1.33 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.14 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive E: | 3.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-N4TTGLLC4R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{014A3EE0-6C7F-47D9-BF3C-7027DD445E51}" = SPAMfighter
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Scanner" = EPSON Scan
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.1214
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MemoriesOnTV4_is1" = MemoriesOnTV 4.1.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PolyView" = PolyView 4.41
"SPAMfighter" = SPAMfighter
"SysInfo" = Creative System Information
"Unlocker" = Unlocker 1.8.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XLS Converter_is1" = XLS Converter 1.7.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 11:46:21 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000
Description = Faulting application battlestationsmidway.exe, version 0.0.0.0, faulting
module battlestationsmidway.exe, version 0.0.0.0, fault address 0x005173d9.

Error - 12/12/2011 11:47:31 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000
Description = Faulting application battlestationsmidway.exe, version 0.0.0.0, faulting
module battlestationsmidway.exe, version 0.0.0.0, fault address 0x005173d9.

Error - 12/13/2011 9:59:25 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2011 9:59:38 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 12/13/2011 10:01:38 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000
Description = Faulting application faunin~1.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x74686769.

Error - 12/13/2011 10:02:04 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000
Description = Faulting application faunin~1.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x74686769.

Error - 12/13/2011 10:02:16 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1001
Description = Fault bucket 439450114.

Error - 12/18/2011 5:47:23 PM | Computer Name = HOME-N4TTGLLC4R | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2011 8:32:57 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module inetcomm.dll, version 6.0.2900.6157, fault address 0x000296b8.

Error - 12/19/2011 8:33:07 AM | Computer Name = HOME-N4TTGLLC4R | Source = Application Error | ID = 1001
Description = Fault bucket -1550194707.

[ System Events ]
Error - 4/22/2012 6:21:17 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 6:21:38 AM | Computer Name = HOME-N4TTGLLC4R | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RemoveAny

Error - 4/22/2012 6:22:24 AM | Computer Name = HOME-N4TTGLLC4R | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 4/22/2012 9:50:18 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 9:50:21 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 9:50:24 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 9:50:26 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 10:01:24 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 10:01:27 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 4/22/2012 10:01:29 AM | Computer Name = HOME-N4TTGLLC4R | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >

#9 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 22 April 2012 - 09:23 AM

OK...hope you got those ok!

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 22 April 2012 - 09:55 AM

Run OTL - Double-click OTL.exe Posted Image to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=0ca0ea7f0000000000000040ca66ec0e
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\Owner\Application Data\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKCU..\Run: [Inspector] C:\Documents and Settings\Owner\Application Data\Protector-xmwn.exe File not found
    O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
    O12 - Plugin for: .spop - Reg Error: Value error. File not found
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O27 - HKLM IFEO\mcmpeng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
    
    :Commands
    [emptytemp]
    [Reboot]
    [/code]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please let me know what problem persists.

#11 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 22 April 2012 - 11:09 AM

This is wierd.

I did the OTL procedure as described.
After Reboot...there was NO OTL icon on the desktop...couldn't find it with "Search" or "Regedit".

Thus could not run "Quick Scan" and post.

The same rebooted screen came up as before with the Flash Player Update crap.

Your emails are no longer in my OE "IN" file.

There was a yellow shield near the clock that was "updating" something.....(might be Windows Automatic)

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 22 April 2012 - 12:33 PM

Do you still have OTL.EXE on your computer.

Run it and see if the icon comes back.

#13 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 22 April 2012 - 01:12 PM

Nope...not in C:\Programs, Desktp, Add/Remove/Registry...!

#14 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:12:16 AM

Posted 22 April 2012 - 07:06 PM

any other ideas?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 AM

Posted 23 April 2012 - 07:50 AM

Download and reinstall OTL.

Your Virus protection software may be deleting it.

Run it with the script of my last instructions.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users