
Reappearing Trojans zlob.trojan and zlob.videoaccess



As part of my security on my PC, I use Spyhunter 3 and every so often Spyhunter tells me after a scan that it detected:

zlob.trojan and zlob.videoaccess.

It shows on the detail part that there are 252 infected objects.

Once I remove them with Spyhunter, they show up again after a time and I have to go through the same process again and again.

I used MBAM to scan for this malware in Safe Mode and then I used SDFix to follow up, and in each case the scans do not pick up these hidden trojans and show: "No Malware detected on your system".

This has been going on for quite a while and I am at my wits' end about how to get rid of these pests.

Are there any solutions out there that would clean my system permanently and once and for all?

I appreciate any input on this. Thanks very much.


Did you purchase SpyHunter? If not, de-install it.

To get guided help here, please do the following:

Stop getting and using special tools (a la SDFIX) without expert help!

1. Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}.

=

3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

=

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • copy of the Eset scan log
  • the contents of OTListIt.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply.



Thanks very much, Maurice.

I will follow your instructions and I will let you know the results when done.

I appreciate your help!

crossbow


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=7.00.6000.16608 (vista_gdr.071204-1500)

# OnlineScanner.ocx=1.0.0.5863

# api_version=3.0.2

# EOSSerial=2a2b7a0102a18941bcb3c54298a6a7fc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-06-02 01:46:41

# local_time=2009-06-01 09:46:41 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3, v.3311

# compatibility_mode=1026 21 83 97 12260070312500

# scanned=59737

# found=4

# cleaned=4

# scan_time=4264

C:\Documents and Settings\Administrator\Application Data\iolo\Installers\SearchAndRecover.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000

C:\System Volume Information\_restore{829D2448-7348-47EC-A737-4B4111BE54BA}\RP716\A0127585.exe a variant of Win32/Adware.AntiVirusPro.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000

C:\System Volume Information\_restore{829D2448-7348-47EC-A737-4B4111BE54BA}\RP716\A0127668.exe a variant of Win32/Adware.AntiVirusPro.AA application (deleted - quarantined) 00000000000000000000000000000000

C:\System Volume Information\_restore{829D2448-7348-47EC-A737-4B4111BE54BA}\RP718\A0127969.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000


OTListIt logfile created on: 6/1/2009 10:49:28 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3, v.3311 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 62.30% Memory free

2.96 Gb Paging File | 2.67 Gb Available in Paging File | 90.16% Paging File free

Paging file location(s): C:\pagefile.sys 1905 2005 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.27 Gb Total Space | 18.34 Gb Free Space | 49.20% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GATEWAY_COMPUTE

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/08 18:20:42 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2008/02/12 05:29:33 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/05/08 10:31:09 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/05/08 10:31:05 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/05/18 17:13:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/05/08 10:31:14 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/05/08 10:31:23 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2001/08/30 06:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

PRC - [2008/02/12 05:29:59 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009/06/01 22:47:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/05/08 10:31:05 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009/05/08 10:31:09 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/02/12 05:29:06 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/05/08 18:20:42 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])

SRV - [2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])

SRV - [2007/05/28 19:49:22 | 00,045,056 | ---- | M] (LANovation) -- C:\WINDOWS\System32\PCTKRNT.SYS -- (PictureTaker [Disabled | Stopped])

SRV - File not found -- -- (SpamdServiceControl [Disabled | Stopped])

SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Disabled | Stopped])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/10/26 12:20:40 | 04,124,352 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])

DRV - [2009/05/08 10:31:24 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

DRV - [2009/05/08 10:31:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

DRV - [2009/05/08 10:31:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [system | Running])

DRV - [2001/08/17 09:28:00 | 00,871,388 | ---- | M] (BCM) -- C:\WINDOWS\System32\DRIVERS\BCMDM.sys -- (BCMModem [On_Demand | Stopped])

DRV - [2002/06/19 02:19:18 | 00,070,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [system | Running])

DRV - [2002/06/19 02:18:28 | 00,023,420 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [system | Running])

DRV - [2007/01/25 16:04:30 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC [Auto | Running])

DRV - [2002/06/19 02:09:04 | 00,237,568 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [system | Running])

DRV - [2001/10/17 05:03:44 | 00,025,434 | ---- | M] (D-Link Corporation. ) -- C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])

DRV - [2002/06/19 02:14:20 | 00,025,226 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])

DRV - [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])

DRV - [2003/03/02 18:44:26 | 00,007,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\enodpl.sys -- (enodpl [Auto | Running])

DRV - [2008/02/11 17:49:20 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\GcKernel.sys -- (GcKernel [On_Demand | Stopped])

DRV - [2009/05/30 16:10:58 | 00,015,600 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])

DRV - [2002/05/06 20:13:00 | 01,106,464 | ---- | M] (GTW) -- C:\WINDOWS\System32\DRIVERS\GWMDM.sys -- (GTWModem [On_Demand | Running])

DRV - [2001/08/17 15:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped])

DRV - [2003/11/20 09:25:00 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])

DRV - [2002/10/15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [boot | Running])

DRV - [2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [boot | Running])

DRV - [2007/01/23 15:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])

DRV - [2009/05/08 18:21:07 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2007/01/23 15:45:00 | 00,034,576 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])

DRV - [2006/01/20 19:03:28 | 00,027,776 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])

DRV - [2006/01/20 19:02:58 | 00,036,608 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])

DRV - [2007/01/23 15:45:00 | 00,033,296 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])

DRV - [2006/01/20 19:03:24 | 00,069,376 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])

DRV - [2007/01/23 15:45:00 | 00,028,176 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])

DRV - [2002/06/19 02:14:14 | 00,029,446 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])

DRV - [2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

DRV - [2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2000/03/22 23:42:24 | 00,044,192 | ---- | M] (PC-Doctor Inc.) -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt [On_Demand | Stopped])

DRV - [2001/08/30 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2002/06/19 02:14:08 | 00,127,026 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [system | Running])

DRV - [2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])

DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2002/04/04 13:54:30 | 00,459,944 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

DRV - [2007/05/03 11:28:04 | 00,039,552 | R--- | M] () -- C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys -- (SRS_SSCFilter [On_Demand | Running])

DRV - [2001/08/17 15:02:56 | 00,003,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys -- (SWUSBFLT [On_Demand | Stopped])

DRV - [2003/04/19 01:32:04 | 00,004,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\tandpl.sys -- (tandpl [Auto | Running])

DRV - [2008/01/06 17:34:50 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

DRV - [2002/06/19 02:07:42 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [system | Running])

DRV - [2003/11/20 09:26:00 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [system | Stopped])

DRV - [2003/11/20 09:26:00 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = frontier.my.yahoo.com/?_bc=1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [spyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -scan -minimized (Enigma Software Group USA, LLC.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html File not found

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)

O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (Reg Error: Value error.)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Value error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (Reg Error: Value error.)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Value error.)

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.2.cab (Reg Error: Value error.)

O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9D05A5AF-9EDE-4C7B-8108-503E25F3947E}\\Domain = domain.invalid

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O30 - LSA: Authentication Packages - (OWS\s) - File not found

O30 - LSA: Security Packages - (ecurity) - File not found

O30 - LSA: Security Packages - (Packages) - File not found

O30 - LSA: Security Packages - (settings...) - File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/28 19:41:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{d09fea3c-d1bd-11dc-809b-0050baac9e22}\Shell - "" = AutoRun

O33 - MountPoints2\{d09fea3c-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d09fea3c-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{d09fea3d-d1bd-11dc-809b-0050baac9e22}\Shell - "" = AutoRun

O33 - MountPoints2\{d09fea3d-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d09fea3d-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL website\index.html

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009/06/01 22:47:51 | 00,000,000 | ---D | M]

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]

[2009/06/01 22:47:44 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

[2009/06/01 20:30:35 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/06/01 20:20:23 | 00,207,272 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090601_202013.reg

[2009/06/01 19:52:22 | 09,953,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\spyhunterFULL.exe

[2009/05/31 10:25:20 | 13,325,31200 | -HS- | C] () -- C:\hiberfil.sys

[2009/05/30 15:59:03 | 00,000,848 | ---- | C] () -- C:\WINDOWS\WIN.INI

[2009/05/30 13:10:40 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009/05/30 13:09:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/05/30 13:05:28 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/05/30 12:56:34 | 00,143,438 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix_free_trojan_remover_tool___My_Anti_Spyware.htm

[2009/05/30 12:54:55 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe

[2009/05/30 11:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2009/05/30 11:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/05/30 11:32:34 | 00,000,000 | ---D | C] -- C:\Program Files\SmitFraudFixPro

[2009/05/29 20:56:47 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk

[2009/05/29 10:24:23 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cover Letter.doc

[2009/05/29 10:00:00 | 00,217,261 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Application.pdf

[2009/05/28 22:21:20 | 00,000,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\David_Gets_Green.htm

[2009/05/28 22:19:30 | 00,406,929 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\David Gets Green.mht

[2009/05/27 16:08:54 | 00,000,000 | ---D | C] -- C:\Program Files\Certblaster

[2009/05/27 10:59:58 | 00,000,535 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk

[2009/05/26 21:35:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software

[2009/05/24 10:43:07 | 00,003,918 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090524_104300.reg

[2009/05/22 22:16:47 | 00,102,400 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll

[2009/05/22 14:21:05 | 00,000,000 | ---D | C] -- C:\LearnKey

[2009/05/22 14:21:03 | 01,161,216 | ---- | C] (LearnKey, Inc.) -- C:\WINDOWS\LkMEUninst.exe

[2009/05/22 14:21:03 | 00,001,793 | ---- | C] () -- C:\WINDOWS\MasterExam.ini

[2009/05/22 14:21:03 | 00,000,216 | ---- | C] () -- C:\WINDOWS\LK_ME_Cfg.ini

[2009/05/13 12:32:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WinNTDlls

[2009/05/13 12:32:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Win98Dlls

[2009/05/11 20:00:04 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PH Peier.doc

[2009/05/08 18:37:20 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/05/08 18:21:49 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/05/08 18:18:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009/05/08 18:18:12 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/05/07 21:17:46 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2009/05/07 20:29:55 | 00,000,000 | ---D | C] -- C:\Temp

[2009/05/07 20:28:55 | 00,000,000 | ---D | C] -- C:\Program Files\Certification Preparation

[2009/05/06 12:31:05 | 00,005,062 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CompTIA Certification Information.eml

[2009/03/06 13:25:30 | 00,010,731 | ---- | C] () -- C:\WINDOWS\PrepLogic_Cfg.ini

[2008/08/02 12:40:20 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/06/26 20:22:57 | 00,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/04/04 14:56:42 | 00,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI

[2008/03/20 20:28:52 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\aaefefddfb9_z.dll

[2008/03/06 21:02:08 | 00,000,321 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/02/10 17:50:49 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2008/02/03 21:36:54 | 00,011,138 | ---- | C] () -- C:\WINDOWS\msvrc20.dll

[2007/12/30 13:59:15 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/07/01 15:08:53 | 00,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI

[2007/06/04 21:11:53 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys

[2007/06/04 21:11:53 | 00,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys

[2007/06/04 21:11:53 | 00,039,552 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys

[2007/06/04 21:11:53 | 00,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys

[2007/05/30 13:34:33 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys

[2007/05/30 13:34:32 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys

[2007/05/29 17:15:42 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\fbaabef_s.dll

[2007/05/29 12:18:56 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2007/05/29 09:25:16 | 00,011,589 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini

[2007/05/29 08:29:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/05/28 19:46:35 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll

[2007/05/28 19:46:32 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys

[2007/05/28 19:46:27 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007/05/28 19:46:22 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll

[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2006/10/22 13:22:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1979/12/31 20:00:00 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]

[2009/06/01 22:47:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

[2009/06/01 20:20:30 | 00,207,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090601_202013.reg

[2009/06/01 19:52:22 | 09,953,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\spyhunterFULL.exe

[2009/06/01 16:27:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/06/01 16:27:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini

[2009/06/01 16:27:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/06/01 16:27:25 | 13,325,31200 | -HS- | M] () -- C:\hiberfil.sys

[2009/06/01 12:46:48 | 36,681,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/05/31 21:36:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/05/31 21:04:14 | 00,063,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/05/31 14:21:16 | 00,000,848 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2009/05/31 10:30:58 | 00,000,687 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/05/30 14:18:12 | 00,002,665 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2

[2009/05/30 13:10:40 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009/05/30 12:56:34 | 00,143,438 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDFix_free_trojan_remover_tool___My_Anti_Spyware.htm

[2009/05/30 12:54:55 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe

[2009/05/29 20:56:47 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk

[2009/05/29 15:48:10 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk

[2009/05/29 15:47:59 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Access.lnk

[2009/05/29 10:24:23 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cover Letter.doc

[2009/05/29 10:01:51 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk

[2009/05/29 10:00:02 | 00,217,261 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Application.pdf

[2009/05/28 22:31:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk

[2009/05/28 22:21:20 | 00,000,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\David_Gets_Green.htm

[2009/05/28 22:19:31 | 00,406,929 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\David Gets Green.mht

[2009/05/28 19:05:00 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job

[2009/05/27 10:59:58 | 00,000,535 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk

[2009/05/25 22:24:26 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jv16 PowerTools 2009.lnk

[2009/05/25 22:11:48 | 00,317,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090529-155412.backup

[2009/05/24 10:43:10 | 00,003,918 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090524_104300.reg

[2009/05/23 20:12:38 | 00,317,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090525-220935.backup

[2009/05/22 14:21:08 | 00,000,216 | ---- | M] () -- C:\WINDOWS\LK_ME_Cfg.ini

[2009/05/22 14:21:03 | 00,001,793 | ---- | M] () -- C:\WINDOWS\MasterExam.ini

[2009/05/16 09:04:12 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PH Peier.doc

[2009/05/15 18:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/05/15 12:36:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/05/11 20:57:36 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PHPeier Summary.doc

[2009/05/09 17:00:52 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PH Peier Resume with ESR.doc

[2009/05/08 18:21:28 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/05/08 18:21:07 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/05/08 18:18:12 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/05/08 10:31:24 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/05/08 10:31:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/05/08 10:31:24 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/05/08 10:31:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/05/07 21:17:46 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2009/05/05 16:40:27 | 00,005,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CompTIA Certification Information.eml

========== LOP Check ==========

[2009/05/30 11:45:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data

[2009/01/04 11:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2007/08/09 13:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft

[2008/02/20 22:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics

[2007/11/18 16:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avant Profiles

[2008/01/19 14:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Business Objects

[2007/05/29 12:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2009/04/14 17:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Certblaster

[2009/01/04 11:11:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/01/19 11:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Download Manager

[2007/09/11 15:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Good Keywords v2

[2007/05/29 20:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google

[2008/03/04 16:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gtek

[2007/05/29 08:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help

[2008/02/04 13:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBMERS

[2007/05/28 19:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2009/05/24 12:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2008/02/10 17:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo

[2008/07/09 20:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\K9

[2007/08/24 10:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Logitech

[2007/05/29 08:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2008/01/19 14:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macrovision

[2009/06/01 20:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailWasherPro

[2009/05/30 11:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2008/03/28 16:39:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2007/05/29 08:26:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders

[2007/10/24 10:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nvu

[2009/05/31 21:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12

[2007/08/21 20:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera

[2008/10/26 20:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orca Profiles

[2008/12/30 00:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCTV4Me

[2009/03/06 13:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrepLogic

[2007/05/29 20:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quintessential Media Player

[2007/05/29 12:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/06/01 20:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software

[2008/12/07 20:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish

[2009/01/05 22:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer

[2007/10/16 23:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SoundSpectrum

[2008/07/03 20:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SPAMfighter

[2008/02/04 11:45:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun

[2009/05/31 21:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3

[2009/01/15 22:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue

[2008/04/04 23:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2009/02/27 16:01:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!

[2009/06/01 20:02:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/05/08 18:18:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009/01/04 11:12:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2008/10/06 21:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2009/04/03 20:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8

[2008/06/21 16:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark

[2009/01/03 15:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2008/03/04 16:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gtek

[2007/11/30 13:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies

[2008/02/04 13:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS

[2008/06/22 13:32:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2008/02/10 17:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2007/06/03 11:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iomatic

[2008/07/04 22:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JAM Software

[2009/05/08 18:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2007/10/17 21:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech

[2008/01/19 12:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision

[2009/05/30 11:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/04/04 23:16:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/01/04 11:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2007/05/29 19:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA

[2008/03/02 10:44:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2007/05/29 18:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters

[2007/07/03 21:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2007/08/07 11:50:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCTV4Me

[2007/05/28 23:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2007/08/27 20:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/06/01 20:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2007/06/04 21:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs

[2007/08/27 20:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2007/05/29 12:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2009/05/30 16:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/06/08 18:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia

[2009/02/26 19:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot

[2007/05/28 21:39:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2007/07/14 14:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2009/01/02 00:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2009/05/15 18:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2001/08/30 06:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/06/01 16:27:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/06/01 15:26:08 | 00,032,550 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

[2009/05/28 19:05:00 | 00,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

[2007/05/29 19:55:20 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Desktop\mspaint.exe:SummaryInformation

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

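The log above is long, and most of its O-entries are benign. The handful a helper actually reads first are the privileged load points (O20 Winlogon Notify, O30 LSA packages, O34 BootExecute), the per-volume autorun commands under O33 MountPoints2 (the classic removable-media re-infection path, which is also the first thing to check when an infection "keeps coming back"), and O16 DPF entries that only survive as broken registry references. The script below is an added example, not code from the poster, the forum or OldTimer's tool: it parses lines in the OTListIt2 layout shown above and applies those three triage rules. The rules themselves (which sections count as privileged hooks, and the exemption for the tokens of the default `autocheck autochk *` BootExecute string, which OTL reports one by one) are the editor's own heuristics, not anything the tool outputs. The sample lines are copied from the log above, plus one legitimate AVG Winlogon line that must not be flagged.

```python
import re
from typing import Iterator, List, Tuple

Finding = Tuple[str, str, str]  # (section, reason, detail)

# One OTL entry: "O30 - LSA: ..." -> section "O30", the rest is the detail.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# OTL lists each token of the default BootExecute value "autocheck autochk *"
# as a separate O34 line; "autocheck" and "*" then show "File not found",
# which is normal on a healthy XP install (editor's assumption, not OTL doc).
BOOTEXECUTE_DEFAULT_TOKENS = {"autocheck", "autochk", "*"}

# Sections naming code loaded by Winlogon, LSASS or Session Manager: an
# entry here whose file is missing is either leftover from a cleanup or a
# hook whose payload is hidden from the scanner; both need a manual check.
PRIVILEGED_HOOKS = {"O20", "O30", "O34"}

# Lines copied from the log in this thread (plus the AVG control line).
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O30 - LSA: Authentication Packages - (OWS\s) - File not found
O30 - LSA: Security Packages - (ecurity) - File not found
O33 - MountPoints2\{d09fea3c-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d09fea3d-d1bd-11dc-809b-0050baac9e22}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL website\index.html
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
"""


def parse_otl_lines(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, detail) for every line that looks like an OTL O-entry."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_otl(text: str) -> List[Finding]:
    """Apply the three triage rules and return the entries worth a closer look."""
    findings: List[Finding] = []
    for section, detail in parse_otl_lines(text):
        if section in PRIVILEGED_HOOKS and detail.endswith("File not found"):
            token = re.search(r"\(([^)]*)\)", detail)
            if section == "O34" and token and token.group(1) in BOOTEXECUTE_DEFAULT_TOKENS:
                continue  # expected split of the default BootExecute string
            findings.append((section, "orphaned privileged hook", detail))
        elif section == "O33" and r"\Shell\AutoRun\command" in detail:
            # Everything after '"" = ' is the command Explorer runs on insert/double-click.
            command = detail.split("= ", 1)[1]
            if "-- File not found" in command:
                findings.append((section, "autorun target missing", command))
            elif "rundll32" in command.lower() or "shellexec" in command.lower():
                # Indirect launch through rundll32/ShellExec hides the real target.
                findings.append((section, "autorun via rundll32/ShellExec", command))
            else:
                findings.append((section, "removable-media autorun", command))
        elif section == "O16" and "(Reg Error:" in detail:
            findings.append((section, "stale ActiveX download registration", detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage_otl(SAMPLE_LOG):
        print(f"{section:4} {reason:36} {detail}")
```

Run against the sample, the two O30 lines, both O33 autorun commands and the broken O16 entry are reported, while the AVG Winlogon line, the `lsdelete` BootExecute entry (an Ad-Aware component with a present file) and the `autocheck` token are not. A finding is a prompt to verify the registry value and file by hand, not a verdict: the O30 strings in this log look like fragments of a longer value, so the next step is to read `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` directly rather than to delete anything.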

OTListIt Extras logfile created on: 6/1/2009 10:49:28 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3, v.3311 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 62.30% Memory free

2.96 Gb Paging File | 2.67 Gb Available in Paging File | 90.16% Paging File free

Paging file location(s): C:\pagefile.sys 1905 2005 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.27 Gb Total Space | 18.34 Gb Free Space | 49.20% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GATEWAY_COMPUTE

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"135:TCP" = 135:TCP:*:Enabled:DCOM(135)

"21040:TCP" = 21040:TCP:*:Enabled:BitComet 21040 TCP

"21040:UDP" = 21040:UDP:*:Enabled:BitComet 21040 UDP

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/02/11 17:44:05 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2003/07/21 13:08:24 | 00,192,512 | ---- | M] () -- C:\Program Files\Ubi Soft\XIII\System\XIII.exe:*:Disabled:XIII

[2008/02/12 05:29:30 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test

[2008/02/11 17:44:05 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2009/05/21 03:12:44 | 01,431,040 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe:*:Disabled:Avant Browser

[2009/02/19 00:53:34 | 01,044,992 | ---- | M] (Quinnware) -- C:\Program Files\Quintessential Media Player\QMPlayer.exe:*:Enabled:Quintessential Media Player

[2008/10/08 02:31:50 | 18,169,048 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe:*:Enabled:MailWasher Pro

[2008/02/12 05:29:34 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console

[2009/05/08 10:29:46 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

[2009/05/08 10:31:14 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

[2009/05/08 10:31:05 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

[2009/04/02 14:53:00 | 00,868,352 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe:*:Enabled:SpyHunter

[2009/05/08 18:20:47 | 02,324,808 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{01CEE7BF-C832-4EE7-BDE1-4B71F237E333}" = Certification Preparation

"{125B42B5-A494-4DF4-8CF7-19E560C61AA8}" = Microsoft Easy Assist v2

"{16610153-9935-2791-4369-463805496692}" = Tomb Raider: Anniversary

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39DA87A1-0B26-4562-A70C-2A6147366E47}" = PC-Doctor Services

"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500

"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1

"{6FC8E98F-4E50-4927-9B0F-E761D3D4FF48}" = LearnSmart 010863

"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More 5.0

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0

"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: The First Encounter

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8CC471A6-26FD-450E-A636-D985AE467A9D}" = SRS Audio Sandbox

"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator

"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" = PC-Doctor Consumer UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AB4BF4E2-89BB-44D8-8A25-404275EFD85D}" = XIII

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{BAD59025-5B73-4E12-B789-0028C5A573C2}" = PC-Doctor Diagnostics

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup

"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD5DC4AA-7D62-48D9-B756-5925471001FE}" = Microsoft OLE DB Provider for Visual FoxPro

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D4169B61-E2CB-4E8F-957F-37F7902B5200}" = Certblaster Network+ (2005)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"AI RoboForm" = AI RoboForm (All Users)

"AvantBrowser" = Avant Browser (remove only)

"AVG8Uninstall" = AVG Free 8.5

"BLScanPlusPro" = BLScanPlusPro: 3.1.2

"Call of Duty" = Call of Duty

"CCleaner" = CCleaner (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Connection Booster_is1" = Connection Booster 4.0.0.0

"Defraggler" = Defraggler (remove only)

"Game Booster_is1" = Game Booster

"Gateway Desktop Manager" = Gateway Desktop Manager

"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery

"Gateway IE Customizations" = Gateway IE Customizations

"Gateway Power Management" = Gateway Power Management

"Good Keywords v2.01_is1" = Good Keywords v2.01.050107

"GTW V.92 Voicemodem" = GTW V.92 Voicemodem

"HP Deskjet 6500 Series_Driver" = HP Deskjet 6500 Series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective

"IrfanView" = IrfanView (remove only)

"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009

"MailWasher Pro_is1" = MailWasher Pro

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Privacy Guardian_is1" = Privacy Guardian 4.1

"PX: {5636BB0E-9EB9-4F73-A8AA-DB0B305857E7}" = Do More 5.0

"Quintessential Media Player" = Quintessential Media Player

"Registry Mechanic_is1" = Registry Mechanic 8.0

"Smart Defrag_is1" = Smart Defrag 1.11

"SystemRequirementsLab" = System Requirements Lab

"Tweak Manager_is1" = Tweak Manager 2.1

"Tweak UI 2.10" = Tweak UI

"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/1/2009 4:27:39 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 7:06:30 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 7:06:30 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 7:06:30 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 7:06:30 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 8:36:34 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 8:36:34 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 8:57:32 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 8:57:32 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/1/2009 10:07:34 PM | Computer Name = GATEWAY_COMPUTE | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 5/31/2009 10:09:04 AM | Computer Name = GATEWAY_COMPUTE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss

Tcpip

Error - 5/31/2009 10:09:19 AM | Computer Name = GATEWAY_COMPUTE | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/31/2009 10:32:03 AM | Computer Name = GATEWAY_COMPUTE | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.254.1 for the Network Card with network

address 0050BAAC9E22 has been denied by the DHCP server 192.168.254.254 (The DHCP

Server sent a DHCPNACK message).

Error - 5/31/2009 8:55:29 PM | Computer Name = GATEWAY_COMPUTE | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer

Micro USB Device.

Error - 5/31/2009 8:55:30 PM | Computer Name = GATEWAY_COMPUTE | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer

Micro USB Device.

Error - 5/31/2009 8:55:31 PM | Computer Name = GATEWAY_COMPUTE | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer

Micro USB Device.

Error - 5/31/2009 8:55:31 PM | Computer Name = GATEWAY_COMPUTE | Source = Removable Storage Service | ID = 262255

Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer

Micro USB Device.

Error - 5/31/2009 11:02:54 PM | Computer Name = GATEWAY_COMPUTE | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.254.1 for the Network Card with network

address 0050BAAC9E22 has been denied by the DHCP server 192.168.254.254 (The DHCP

Server sent a DHCPNACK message).

Error - 6/1/2009 12:35:15 PM | Computer Name = GATEWAY_COMPUTE | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.254.1 for the Network Card with network

address 0050BAAC9E22 has been denied by the DHCP server 192.168.254.254 (The DHCP

Server sent a DHCPNACK message).

Error - 6/1/2009 5:31:12 PM | Computer Name = GATEWAY_COMPUTE | Source = DCOM | ID = 10010

Description = The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register

with DCOM within the required timeout.

< End of report >

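The firewall section of the OTListIt2 log above deserves a closer look than the rest of the report: in the StandardProfile GloballyOpenPorts list, 135/TCP (named "DCOM(135)") and 21040 TCP/UDP (BitComet) are Enabled with scope `*`, meaning reachable from any address rather than only from LocalSubNet, and several programs in the AuthorizedApplications list are likewise allowed inbound from `*`. The Python script below is an added example, not part of the original thread and not code from OTListIt2; it parses GloballyOpenPorts and AuthorizedApplications entries in the layout the log uses and flags every enabled, any-address exception that does not carry a Windows resource-string name (the `@xpsp2res.dll,-NNNN` form used by Windows' own entries). The sample lines are copied from the log above; the regular expressions and the review rule are my own assumptions about the format.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Lines copied from the firewall section of the log above (registry key header,
# GloballyOpenPorts values, and AuthorizedApplications entries).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)
"21040:TCP" = 21040:TCP:*:Enabled:BitComet 21040 TCP
"21040:UDP" = 21040:UDP:*:Enabled:BitComet 21040 UDP
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
========== Authorized Applications List ==========
[2003/07/21 13:08:24 | 00,192,512 | ---- | M] () -- C:\Program Files\Ubi Soft\XIII\System\XIII.exe:*:Disabled:XIII
[2008/02/12 05:29:30 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2009/04/02 14:53:00 | 00,868,352 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe:*:Enabled:SpyHunter
"""

# "port:proto" = port:proto:scope:status:name   (assumed layout, matches the log)
PORT_RE = re.compile(
    r'^"\d+:(?:TCP|UDP)"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):'
    r'(?P<scope>[^:]+):(?P<status>Enabled|Disabled):(?P<name>.*)$')

# [mtime | size | attrs | M] (vendor) -- path:scope:status:name   (assumed layout)
APP_RE = re.compile(
    r'^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<vendor>[^)]*)\)\s*--\s*'
    r'(?P<path>.+?):(?P<scope>[^:]+):(?P<status>Enabled|Disabled):(?P<name>.*)$')


@dataclass
class FwException:
    kind: str      # 'port' or 'app'
    ident: str     # '21040/TCP' or the executable path
    scope: str     # '*' (any address) or 'LocalSubNet'
    enabled: bool
    name: str      # display name, or '@dll,-id' resource reference for Windows' own entries
    vendor: str    # company string OTListIt2 read from the file; '' if none or not an app


def parse_firewall(text: str) -> List[FwException]:
    """Parse GloballyOpenPorts and AuthorizedApplications lines; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            entries.append(FwException('port', f"{m['port']}/{m['proto']}", m['scope'],
                                       m['status'] == 'Enabled', m['name'], ''))
            continue
        m = APP_RE.match(line)
        if m:
            entries.append(FwException('app', m['path'], m['scope'],
                                       m['status'] == 'Enabled', m['name'], m['vendor'].strip()))
    return entries


def review(entries: List[FwException]) -> List[Tuple[str, str]]:
    """(identifier, reason) for every enabled exception reachable from any address."""
    findings = []
    for e in entries:
        if not e.enabled or e.scope != '*':
            continue                     # disabled, or limited to the local subnet
        if e.kind == 'port' and not e.name.startswith('@'):
            # '@xpsp2res.dll,-NNNN' names are resource strings of Windows' own entries;
            # a plain-text name means a program or a user added the port
            findings.append((e.ident, f'port open to any address, named "{e.name}"'))
        elif e.kind == 'app':
            findings.append((e.ident, 'program may accept inbound connections from any '
                                      f'address (vendor: {e.vendor or "none recorded"})'))
    return findings


if __name__ == '__main__':
    for ident, reason in review(parse_firewall(SAMPLE_LOG)):
        print(f'{ident}: {reason}')
```

Run against the excerpt it reports 135/TCP, both BitComet ports, dpvsetup.exe and SpyHunter3.exe; the two LocalSubNet entries and the disabled XIII.exe entry are skipped, and 1723/TCP is skipped because its name is a Windows resource string. Whether each flagged entry is wanted is still a judgement call for the machine's owner; the script only shortens the list to the ones that need a decision.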

Results of screen317's Security Check version 0.98.3

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

``````````````````````````````

Windows Firewall Enabled!

WindowsLiveOneCaresafetyscanner

AVGFree8.5

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

``````````````````````````````

Ad-Aware

Spybot - Search & Destroy

CCleaner (remove only)

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2_16

Out of date Java installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

AVG avgemc.exe

Spybot SDHelper is disabled!

``````````````````````````````

DNS Vulnerability Check:

``````````````````````````````

GREAT! (Very random)

Scan took 31 seconds.

`````````End of Log```````````


Hello Peter,

Let's have you do the following:

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

[screenshots: CF_download_FF.gif, CF_download_rename.gif]

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of the OK button.

IF you should see a message like this:

[screenshot: Rookit_found.gif]

then be sure to write it down fully, copy it into your next reply here, and await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt

When you make a reply, use the ADDReply button at bottom of page.


Hello Maurice,

Thanks very much for your support and help. I never mentioned that I originally purchased SpyHunter 3 and asked for their help as well.

They came up with a custom fix for me and I had to run it through their Help Desk; this was done a couple of days ago.

I would like to give this fix a chance and see if these trojans are permanently removed. So far, so good; my system has been restarted several times since, with no infections found each time.

I will however download the latest fix programs that you suggested and I will keep them handy, should this problem come back.

I appreciate all of your help and I will keep you posted should this thing re-appear.

Crossbow


First, a strong caution as regards the Combofix utility. Never use it without guided help from a trained helper. But also, the program changes very often and so there's no reason to get it unless it will be used immediately. Do not get it if you have no intention of following through with my help here.

This system has an old version of Java Run-time.

Uninstall jre1.6 (or any earlier) + any other Sun Java (Java Runtime Environment) package via Add/Remove Programs.

If you see any other Java versions there,

such as

J2SE Runtime Environment 5.0

Java SE Runtime Environment

Java 6

uninstall all of them. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.

  • Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp

> In top of the page (second in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 14

> If Information Bar pop-ups up, right-click on it and say it's OK to display the blocked content; You do not have to install the Java Web Start ActiveX Control

> Accept the license agreement

> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.

  • Tip: Choose Custom install to select only the part(s) you need/want.

Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

To test your Java Run-time, you may go to this page http://www.javatester.org/version.html

When all is well, you should see Java Version: 1.6.0_14 from Sun Microsystems Inc.

=

If you have no outstanding malware-related issues, I will plan on having this thread closed.

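What Maurice's Java advice boils down to is that every Sun runtime in the Add/Remove list is a separate side-by-side install, and an old one stays installed (and exploitable) until it is uninstalled; the Security Check output above lists four of them. The Python script below is an added example, not part of the original thread: it reads the `"key" = DisplayName` lines of the Uninstall list as OTListIt2 prints them, normalizes the several Sun display-name styles to a 1.x.y_z version tuple (so "Java 6 Update 7" is 1.6.0_07), and lists every runtime older than the target 1.6.0_14. The sample lines are copied from the uninstall list above, plus one constructed J2SE 5.0 line to exercise that naming style; the `Java(TM) 6 Update 14` display name used for the target release, and the regular expressions, are my own assumptions. Unversioned names such as "Java SE Runtime Environment" are not matched, so check the list by eye as Maurice says.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]   # (major, minor, micro, update): 1.6.0_14 -> (1, 6, 0, 14)

# Uninstall entries in OTListIt2's  "key" = DisplayName  layout. All lines but the
# last are copied from the log above; the J2SE line is constructed for illustration.
SAMPLE_UNINSTALL = """\
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"J2SE-EXAMPLE" = J2SE Runtime Environment 5.0 Update 22
"""

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Display-name styles Sun used over the years, each mapped to a version tuple (assumed).
JAVA_STYLES = [
    # "Java 6 Update 7", "Java(TM) 6 Update 14", bare "Java 6"
    (re.compile(r'^Java(?:\(TM\))? (\d+)(?: Update (\d+))?$'),
     lambda m: (1, int(m[1]), 0, int(m[2] or 0))),
    # "J2SE Runtime Environment 5.0 Update 22", "J2SE Runtime Environment 5.0"
    (re.compile(r'^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$'),
     lambda m: (1, int(m[1]), int(m[2]), int(m[3] or 0))),
    # "Java 2 Runtime Environment, SE v1.4.2_16"
    (re.compile(r'^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$'),
     lambda m: tuple(int(g) for g in m.groups())),
]


def parse_java_version(display_name: str) -> Optional[Version]:
    """Version tuple for a Sun JRE display name, or None if the name is not one."""
    for pattern, to_version in JAVA_STYLES:
        m = pattern.match(display_name)
        if m:
            return to_version(m)
    return None


def java_entries(uninstall_text: str) -> List[Tuple[str, Version]]:
    """All Sun JRE entries in an OTListIt2 uninstall list, in log order."""
    found = []
    for line in uninstall_text.splitlines():
        m = UNINSTALL_RE.match(line)
        if not m:
            continue
        version = parse_java_version(m['name'])
        if version is not None:
            found.append((m['name'], version))
    return found


def java_to_remove(uninstall_text: str, target: Version) -> List[str]:
    """Display names of every JRE older than `target`. Each one is a separate
    side-by-side install that stays on the machine until it is uninstalled."""
    return [name for name, version in java_entries(uninstall_text) if version < target]


if __name__ == '__main__':
    for name in java_to_remove(SAMPLE_UNINSTALL, (1, 6, 0, 14)):
        print('uninstall:', name)
```

On the excerpt this names all five Java entries for removal and leaves Adobe Reader alone; once 6 Update 14 is installed and the list is re-read, the target itself compares equal and is not listed.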

Hello Maurice,

I will follow your advice and not use ComboFix unless directed to by an assistant.

So far so good, the malware has not re-appeared since SpyHunter ran the custom fix on my system. One thing though: I learned quite a bit from this and I will be extremely cautious in the future.

Thanks again for your help!

crossbow ;)


Hello crossbow,

Some final follow-ups:

Go to Control Panel and Add-or-Remove programs.

Look for ESET Online scan and click the line for it. Select Change/Remove to de-install it.

OK & Exit out of Control Panel

OTListIt2 also changes as needed; and in any event, you need to de-install it.

  • Please double-click OTListIt2.exe to run it.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTListIt2 attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.


This topic is now closed to further replies.