
Programs won't launch, google searches redirected


sal0014


Started having multiple problems a couple of weeks ago:

  • Couldn't update virus scan database
  • Many programs including Malwarebytes cannot be launched
  • Google searches are redirected to random sites (not all the time)

I've run multiple scans with different products but no luck so far.

I went through the steps as indicated and here are the results.

Couldn't run Malwarebytes

Ran Defogger to disable CD Emulator

DDS logs attached.

GMER causes reboot halfway through the scan.

Your help would be appreciated.

DDS (Ver_09-12-01.01) - NTFSx86

Run by SharKev at 22:30:16.71 on 2009-12-28

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.979 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\SharKev\Desktop\Defogger.exe

C:\Documents and Settings\SharKev\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [bOC-427] c:\progra~1\comodo\cboclean\BOC427.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN

mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: {EBB4E1D3-1238-48CA-BF0B-8B8DABC3B694} = 24.200.241.37,24.201.245.77

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: 22:34:32.79 ===============

Attach.zip


Hi sal0014, welcome to Malwarebytes ;)

Sorry for the delay, we have been very busy.

Download Kenco.exe to your desktop

  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


I ran Kenco & OTL, logs are attached. GMER always causes the PC to shut down during the scan; the Windows error message is: Remote Procedure Call (RPC) terminated unexpectedly.

Kenco by jpshortstuff (30.12.09.1)

Log created at 11:30 on 30/12/2009 (SharKev)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========

Ad-Aware Update (Daily 1).job -> [17:31 27/12/2009] 472 bytes

Ad-Aware Update (Daily 2).job -> [17:31 27/12/2009] 472 bytes

Ad-Aware Update (Daily 3).job -> [17:31 27/12/2009] 472 bytes

Ad-Aware Update (Daily 4).job -> [17:31 27/12/2009] 472 bytes

Ad-Aware Update (Weekly).job -> [16:42 25/01/2009] 472 bytes

AppleSoftwareUpdate.job -> [17:19 12/09/2008] 284 bytes

GlaryInitialize.job -> [01:47 22/05/2009] 316 bytes

SmartDefrag.job -> [01:57 05/10/2009] 388 bytes

-=E.O.F=-

OTL logfile created on: 2009-12-30 11:37:53 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\SharKev\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.28 Gb Total Space | 17.14 Gb Free Space | 45.97% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WEST413

Current User Name: SharKev

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-12-30 11:33:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SharKev\desktop\OTL.exe

PRC - [2009-12-05 07:53:40 | 03,042,504 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe

PRC - [2009-12-05 07:53:38 | 06,622,920 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe

PRC - [2009-12-05 07:53:38 | 03,291,336 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe

PRC - [2009-12-05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe

PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-04-16 11:27:00 | 01,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe

PRC - [2009-04-16 11:24:48 | 00,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

PRC - [2009-03-26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008-12-12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008-07-14 04:09:26 | 00,351,480 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOC427.EXE

PRC - [2008-04-13 19:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2009-12-30 11:33:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SharKev\desktop\OTL.exe

MOD - [2009-12-05 07:53:38 | 00,941,256 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll

MOD - [2009-03-26 12:04:46 | 00,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll

MOD - [2008-04-13 19:12:10 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll

MOD - [2008-04-13 19:12:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll

MOD - [2008-04-13 19:12:10 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Symantec Core LC)

SRV - [2009-12-27 12:29:30 | 01,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009-12-05 07:53:38 | 03,291,336 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2009-12-05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)

SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009-04-16 11:24:48 | 00,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)

SRV - [2009-04-02 15:10:56 | 00,656,168 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009-03-26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009-02-03 21:05:00 | 00,593,920 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)

SRV - [2008-12-12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008-07-14 04:09:28 | 00,073,464 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore)

SRV - [2008-06-02 22:09:38 | 00,552,960 | ---- | M] (ATI Technologies Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2007-02-02 00:09:48 | 01,204,416 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)

SRV - [2007-02-02 00:06:46 | 00,118,784 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (369962 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12778 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

O4 - HKLM..\Run: [bOC-427] C:\Program Files\Comodo\CBOClean\BOC427.EXE (COMODO)

O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 72 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0...inAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-07-08 22:24:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-07-08 22:08:16 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (85853372590063616)

========== Files/Folders - Created Within 14 Days ==========

[2009-12-30 11:33:44 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SharKev\Desktop\OTL.exe

[2009-12-30 11:30:35 | 00,044,347 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\SharKev\Desktop\Kenco.exe

[2009-12-29 19:21:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SharKev\Recent

[2009-12-28 21:20:30 | 00,000,000 | ---D | C] -- C:\MGtools

[2009-12-28 21:19:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-12-28 20:45:14 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-12-28 20:43:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009-12-28 20:43:56 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-12-28 20:43:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009-12-28 20:42:08 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-12-28 20:35:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-12-28 20:35:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-12-28 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-12-28 18:37:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009-12-28 00:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-12-27 16:37:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\OnlineArmor

[2009-12-27 16:37:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2009-12-27 16:36:10 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys

[2009-12-27 16:36:10 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys

[2009-12-27 16:36:09 | 00,223,312 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys

[2009-12-27 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu

[2009-12-27 16:28:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\PC Tools

[2009-12-27 16:24:51 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2009-12-27 16:24:50 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2009-12-27 16:24:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009-12-27 16:24:36 | 00,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\AVHook.sys

[2009-12-27 16:24:36 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\WINDOWS\System32\drivers\AVFilter.sys

[2009-12-27 16:24:36 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\WINDOWS\System32\drivers\AVRec.sys

[2009-12-27 16:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus

[2009-12-27 16:24:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2009-12-27 15:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2009-12-27 15:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\AVG8

[2009-12-27 15:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\Registry Mechanic

[2009-12-27 12:27:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2009-12-27 12:26:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009-12-26 15:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin

[2009-12-26 15:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX

[2009-12-26 11:13:27 | 00,000,000 | ---D | C] -- C:\Garmin

[2009-12-26 10:23:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\Download Manager

[2009-12-26 09:26:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SharKev\Application Data\GARMIN

[2008-09-24 22:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2008-07-09 12:16:34 | 00,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[2008-07-08 22:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008-07-08 22:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008-07-08 22:13:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2008-07-08 22:13:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009-12-30 11:35:23 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\SharKev\Desktop\gmer.zip

[2009-12-30 11:33:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SharKev\Desktop\OTL.exe

[2009-12-30 11:30:36 | 00,044,347 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\SharKev\Desktop\Kenco.exe

[2009-12-30 11:27:56 | 00,011,775 | ---- | M] () -- C:\WINDOWS\BOC427.INI

[2009-12-30 11:22:47 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009-12-30 11:22:35 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-12-30 11:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-12-30 11:19:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-12-30 11:19:09 | 16,101,41696 | -HS- | M] () -- C:\hiberfil.sys

[2009-12-29 19:21:48 | 08,650,752 | ---- | M] () -- C:\Documents and Settings\SharKev\ntuser.dat

[2009-12-29 19:21:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\SharKev\ntuser.ini

[2009-12-29 19:21:39 | 13,373,642 | -H-- | M] () -- C:\Documents and Settings\SharKev\Local Settings\Application Data\IconCache.db

[2009-12-29 18:51:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009-12-29 18:51:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2009-12-29 18:51:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2009-12-29 18:51:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2009-12-29 18:51:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2009-12-28 23:05:56 | 00,001,134 | ---- | M] () -- C:\Documents and Settings\SharKev\Desktop\Attach.zip

[2009-12-28 22:29:35 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\SharKev\Desktop\dds.scr

[2009-12-28 22:28:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\SharKev\defogger_reenable

[2009-12-28 22:27:34 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\SharKev\Desktop\Defogger.exe

[2009-12-28 21:34:00 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\SharKev\Local Settings\Application Data\housecall.guid.cache

[2009-12-28 21:23:35 | 00,097,403 | ---- | M] () -- C:\MGlogs.zip

[2009-12-28 20:57:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-12-28 20:45:24 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009-12-28 19:25:10 | 02,386,270 | ---- | M] () -- C:\MGtools.exe

[2009-12-28 00:57:24 | 00,744,853 | ---- | M] () -- C:\Documents and Settings\SharKev\Desktop\PAVARK.exe

[2009-12-27 22:34:14 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2009-12-27 16:37:13 | 00,101,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx

[2009-12-27 16:36:28 | 00,426,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-12-27 16:36:28 | 00,065,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-12-27 16:24:37 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk

[2009-12-27 16:19:32 | 00,000,613 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-12-27 16:19:32 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2009-12-27 16:07:38 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-12-27 12:27:10 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009-12-27 10:22:36 | 00,000,127 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009-12-27 09:32:16 | 00,369,962 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2009-12-23 23:08:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-12-19 17:40:24 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\SharKev\My Documents\DVD List.doc

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-12-30 11:35:19 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\SharKev\Desktop\gmer.zip

[2009-12-28 23:05:56 | 00,001,134 | ---- | C] () -- C:\Documents and Settings\SharKev\Desktop\Attach.zip

[2009-12-28 22:29:21 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\SharKev\Desktop\dds.scr

[2009-12-28 22:28:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\SharKev\defogger_reenable

[2009-12-28 22:27:23 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\SharKev\Desktop\Defogger.exe

[2009-12-28 21:34:00 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\SharKev\Local Settings\Application Data\housecall.guid.cache

[2009-12-28 21:20:35 | 00,097,403 | ---- | C] () -- C:\MGlogs.zip

[2009-12-28 20:45:24 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009-12-28 20:45:17 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009-12-28 20:43:56 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009-12-28 20:43:56 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009-12-28 19:25:06 | 02,386,270 | ---- | C] () -- C:\MGtools.exe

[2009-12-27 16:24:51 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat

[2009-12-27 16:24:37 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk

[2009-12-27 12:31:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2009-12-27 12:31:11 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2009-12-27 12:31:11 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2009-12-27 12:31:10 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2009-12-27 12:27:10 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009-12-13 13:54:32 | 00,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-12-13 09:24:30 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI

[2008-12-14 08:34:37 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-07-29 08:10:43 | 00,011,775 | ---- | C] () -- C:\WINDOWS\BOC427.INI

[2008-07-20 08:50:02 | 00,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys

[2008-07-12 08:21:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll

[2008-07-09 20:21:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-07-09 19:59:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2008-07-09 18:56:04 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008-07-09 17:18:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI

[2008-07-09 01:29:58 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008-07-08 23:12:58 | 00,000,052 | ---- | C] () -- C:\WINDOWS\stci.ini

[1999-01-22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008-12-14 09:25:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC427

[2009-12-28 00:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2008-07-21 17:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2009-12-30 11:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-04-29 19:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009-12-27 12:27:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2009-12-26 11:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\GARMIN

[2009-12-13 09:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\GlarySoft

[2009-05-12 20:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\IObit

[2009-12-27 16:37:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\OnlineArmor

[2009-12-27 15:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\Registry Mechanic

[2009-12-27 15:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SharKev\Application Data\Uniblue

[2009-12-29 18:51:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

[2009-12-29 18:51:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

[2009-12-29 18:51:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

[2009-12-29 18:51:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

[2009-12-29 18:51:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009-12-30 11:22:47 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2009-12-27 22:34:14 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2009-12-28 19:25:10 | 02,386,270 | ---- | M] () -- C:\MGtools.exe

< MD5 for: AGP440.SYS >

[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys

[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004-08-04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: AHCIX86.SYS >

[2008-03-07 20:24:52 | 00,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-6_xp32_dd_ccc_wdm_enu_64783\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >

[2003-03-31 07:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Program Files\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\MGtools\temp\ERDNT\atapi.sys

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\MGtools\temp\SPF\atapi.sys

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[2004-08-04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\MGtools\temp\NTSPU\atapi.sys

[2004-08-04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008-04-13 19:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll

[2008-04-13 19:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008-04-13 19:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004-08-04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008-04-13 19:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll

[2008-04-13 19:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008-04-13 19:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2003-03-31 07:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\Program Files\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL

[2004-08-04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004-08-04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2003-03-31 07:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\Program Files\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL

[2008-04-13 19:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll

[2008-04-13 19:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008-04-13 19:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >

[2008-01-22 14:02:24 | 00,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\2K\viamraid.sys

[2008-01-22 14:02:24 | 00,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys

[2008-01-22 14:02:24 | 00,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\SRV2003\x86\viamraid.sys

[2008-01-22 14:02:24 | 00,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\XP\x86\viamraid.sys

[2007-12-20 10:02:18 | 00,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys

[2007-12-20 10:02:18 | 00,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\NT4\viamraid.sys

[2008-01-02 11:14:54 | 00,135,112 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=E5BE7E6A3A5B3904260223A44E3D33DA -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys

[2008-01-02 11:14:54 | 00,135,112 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=E5BE7E6A3A5B3904260223A44E3D33DA -- C:\Program Files\VIA\VIA_HyperionPro_V518A\VRAIDDrv\VISTA\x86\viamraid.sys

< MD5 for: VIPRT.SYS >

[2008-04-03 15:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\Program Files\VIA\VIA_HyperionPro_V518A\SATAIDE\SRV2003\ViPrt.sys

[2008-04-03 15:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\Program Files\VIA\VIA_HyperionPro_V518A\SATAIDE\W2K\ViPrt.sys

[2008-04-03 15:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\Program Files\VIA\VIA_HyperionPro_V518A\SATAIDE\WXP\ViPrt.sys

[2008-06-05 10:44:36 | 00,056,984 | ---- | M] (VIA Technologies, Inc.) MD5=9F9EE4DDDF11B9D6C47D0339703D200C -- C:\Program Files\VIA\VIA_HyperionPro_V518A\SATAIDE\VISTA\ViPrt.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\SharKev\Desktop\PAVARK.exe:License

< End of report >

OTL Extras logfile created on: 2009-12-30 11:37:53 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\SharKev\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.28 Gb Total Space | 17.14 Gb Free Space | 45.97% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WEST413

Current User Name: SharKev

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common

"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility

"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17

"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1

"{29A8473B-3D25-4915-9A2B-0CF50CE0DCFC}" = Reel Deal Casino - Championship Edition

"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English

"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation

"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2

"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC

"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall

"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes

"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective

"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools

"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task

"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light

"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static

"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS

"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library

"{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}" = Hoyle Friday Night Poker

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}" = Hoyle Puzzle Games 2005

"{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}" = ArcSoft Media Card Companion

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI.SP1 (Win64/32/CE)

"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC

"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}" = Hoyle Board Games 2005

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Card & Board Deluxe 2" = Card & Board Deluxe 2

"CBOClean" = BOClean

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"eGames GameButler" = eGames GameButler

"ERUNT_is1" = ERUNT 1.1j

"Glary Utilities_is1" = Glary Utilities 2.13.0.686

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX

"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX

"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX

"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective

"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX

"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX

"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library

"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX

"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual C++ 6.0 Docs" = Microsoft Visual C++ 6.0 Docs

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSI Live Update 3" = MSI Live Update 3

"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NirSoft SmartSniff" = NirSoft SmartSniff

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OnlineArmor_is1" = Online Armor 4.0

"PC Alert 4" = PC Alert 4

"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1

"PE Builder_is1" = PE Builder 3.1.10a

"Smart Defrag_is1" = Smart Defrag 1.20

"SpywareBlaster_is1" = SpywareBlaster 4.2

"Starcraft" = Starcraft

"Trivial Pursuit Millennium Edition" = Trivial Pursuit Millennium Edition

"Visual C++ 6.0 Introductory Edition" = Microsoft Visual C++ 6.0 Introductory Edition

"WebSTAR Uninstall" = Scientific Atlanta WebSTAR 100 & 200 series Cable Modem

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2009-12-15 10:54:46 PM | Computer Name = WEST413 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 2009-12-15 11:11:21 PM | Computer Name = WEST413 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 2009-12-15 11:36:06 PM | Computer Name = WEST413 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 2009-12-16 12:06:10 AM | Computer Name = WEST413 | Source = Application Error | ID = 1000

Description = Faulting application mbam.exe, version 1.42.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 2009-12-27 1:28:10 PM | Computer Name = WEST413 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 2009-12-27 1:35:08 PM | Computer Name = WEST413 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 2009-12-27 5:41:02 PM | Computer Name = WEST413 | Source = Application Error | ID = 1000

Description = Faulting application oaui.exe, version 4.0.0.15, faulting module oaui.exe,

version 4.0.0.15, fault address 0x00005270.

Error - 2009-12-27 6:04:56 PM | Computer Name = WEST413 | Source = Application Error | ID = 1000

Description = Faulting application oaui.exe, version 4.0.0.15, faulting module oaui.exe,

version 4.0.0.15, fault address 0x00005270.

Error - 2009-12-28 12:59:22 AM | Computer Name = WEST413 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 2009-12-28 9:47:03 PM | Computer Name = WEST413 | Source = Application Error | ID = 1000

Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,

version 0.0.0.0, fault address 0x00085cd9.

[ System Events ]

Error - 2009-12-28 11:39:33 PM | Computer Name = WEST413 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the BOCore service to connect.

Error - 2009-12-28 11:53:43 PM | Computer Name = WEST413 | Source = ati2mtag | ID = 45062

Description = CRT invalid display type

Error - 2009-12-28 11:54:23 PM | Computer Name = WEST413 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the BOCore service to connect.

Error - 2009-12-28 11:59:45 PM | Computer Name = WEST413 | Source = ati2mtag | ID = 45062

Description = CRT invalid display type

Error - 2009-12-28 11:59:55 PM | Computer Name = WEST413 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the BOCore service to connect.

Error - 2009-12-29 6:22:58 PM | Computer Name = WEST413 | Source = ati2mtag | ID = 45062

Description = CRT invalid display type

Error - 2009-12-29 6:23:10 PM | Computer Name = WEST413 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the BOCore service to connect.

Error - 2009-12-29 7:20:21 PM | Computer Name = WEST413 | Source = ati2mtag | ID = 45062

Description = CRT invalid display type

Error - 2009-12-30 12:19:17 PM | Computer Name = WEST413 | Source = ati2mtag | ID = 45062

Description = CRT invalid display type

Error - 2009-12-30 12:19:29 PM | Computer Name = WEST413 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the BOCore service to connect.

< End of report >

:lol:


Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



ComboFix 09-12-29.06 - SharKev 2009-12-30 16:38:14.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1165 [GMT -5:00]

Running from: C:\Documents and Settings\SharKev\Desktop\ComboFix.exe

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.


Sorry, having a bad day here. The first run of ComboFix was missing the log; here is the complete log.

ComboFix 09-12-29.06 - SharKev 2009-12-30 18:05:37.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1126 [GMT -5:00]

Running from: c:\documents and settings\SharKev\Desktop\ComboFix.exe

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))

.

2009-12-29 02:20 . 2009-12-29 02:23 97403 ----a-w- C:\MGlogs.zip

2009-12-29 02:20 . 2009-12-29 02:23 -------- d-----w- C:\MGtools

2009-12-29 01:35 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-29 01:35 . 2009-12-29 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-29 01:35 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-29 00:25 . 2009-12-29 00:25 2386270 ----a-w- C:\MGtools.exe

2009-12-28 23:39 . 2009-12-28 23:39 52224 ----a-w- c:\documents and settings\SharKev\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2009-12-28 23:37 . 2009-12-28 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-28 05:59 . 2009-12-30 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-27 21:37 . 2009-12-28 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-12-27 21:37 . 2009-12-27 21:37 -------- d-----w- c:\documents and settings\SharKev\Application Data\OnlineArmor

2009-12-27 21:36 . 2009-12-05 12:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-12-27 21:36 . 2009-12-05 12:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-12-27 21:36 . 2009-12-05 12:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-12-27 21:36 . 2009-12-27 21:36 -------- d-----w- c:\program files\Tall Emu

2009-12-27 21:28 . 2009-12-27 21:28 -------- d-----w- c:\documents and settings\SharKev\Application Data\PC Tools

2009-12-27 21:24 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-12-27 21:24 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-12-27 21:24 . 2009-12-27 21:24 -------- d-----w- c:\program files\Common Files\PC Tools

2009-12-27 21:24 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys

2009-12-27 21:24 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys

2009-12-27 21:24 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys

2009-12-27 21:24 . 2009-12-30 22:55 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-12-27 21:24 . 2009-12-27 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-27 20:48 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll

2009-12-27 20:48 . 2009-12-27 20:48 -------- d-----w- c:\program files\Alwil Software

2009-12-27 20:11 . 2009-12-27 20:11 -------- d-----w- c:\documents and settings\SharKev\Application Data\AVG8

2009-12-27 20:07 . 2009-12-27 20:07 -------- d-----w- c:\documents and settings\SharKev\Application Data\Registry Mechanic

2009-12-27 17:27 . 2009-12-27 17:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-27 17:27 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2009-12-27 17:26 . 2009-12-27 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-26 20:29 . 2009-12-26 20:29 -------- d-----w- c:\program files\Garmin

2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\program files\DIFX

2009-12-26 16:13 . 2009-12-26 20:24 -------- d-----w- C:\Garmin

2009-12-26 15:23 . 2009-12-26 16:16 -------- d-----w- c:\documents and settings\SharKev\Application Data\Download Manager

2009-12-26 14:26 . 2009-12-26 16:41 -------- d-----w- c:\documents and settings\SharKev\Application Data\GARMIN

2009-12-15 01:05 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2009-12-14 23:31 . 2009-12-14 23:31 152576 ----a-w- c:\documents and settings\SharKev\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-14 23:30 . 2009-12-14 23:30 79488 ----a-w- c:\documents and settings\SharKev\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-13 19:58 . 2009-12-13 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-13 16:10 . 2009-12-13 16:10 -------- d-----w- c:\program files\NirSoft

2009-12-13 16:09 . 2009-12-13 16:56 -------- d-----w- c:\program files\Support Tools

2009-12-02 02:03 . 2009-12-28 23:39 117760 ----a-w- c:\documents and settings\SharKev\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-02 02:02 . 2009-12-02 02:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-30 21:35 . 2008-07-22 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-29 00:27 . 2008-07-23 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-28 05:50 . 2008-07-09 04:50 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-28 03:09 . 2008-07-31 00:58 -------- d-----w- c:\program files\pebuilder3110a

2009-12-27 21:56 . 2008-07-29 13:10 -------- d-----w- c:\program files\Comodo

2009-12-27 20:24 . 2008-12-31 19:55 -------- d-----w- c:\documents and settings\SharKev\Application Data\Uniblue

2009-12-27 17:26 . 2008-07-20 13:39 -------- d-----w- c:\program files\Lavasoft

2009-12-27 14:33 . 2008-07-29 13:24 -------- d-----w- c:\program files\SpywareBlaster

2009-12-15 00:49 . 2009-12-15 00:49 4600 ----a-w- c:\documents and settings\All Users\Application Data\xml7F.tmp

2009-12-15 00:49 . 2009-12-15 00:49 14808 ----a-w- c:\documents and settings\All Users\Application Data\xml7E.tmp

2009-12-14 23:33 . 2008-07-29 14:28 -------- d-----w- c:\program files\Java

2009-12-13 14:09 . 2009-03-05 01:17 -------- d-----w- c:\program files\QuickTime

2009-12-13 14:05 . 2009-05-22 01:51 -------- d-----w- c:\documents and settings\SharKev\Application Data\GlarySoft

2009-12-02 13:19 . 2009-01-25 16:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-12-02 02:03 . 2008-07-23 23:27 -------- d-----w- c:\documents and settings\SharKev\Application Data\SUPERAntiSpyware.com

2009-11-21 15:51 . 2003-03-31 16:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-10-29 07:46 . 2003-03-31 16:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2009-04-29 23:43 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2003-03-31 16:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:38 . 2008-07-09 13:26 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2008-07-09 13:26 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-07-09 13:27 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2003-03-31 16:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2003-03-31 16:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2003-03-31 16:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17 . 2008-11-28 23:32 411368 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.EXE" [2008-07-14 351480]

"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"<NO NAME>"=

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"<NO NAME>"=

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 64288]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-27 4:24 PM 206256]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-12-27 4:36 PM 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-12-27 4:36 PM 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-12-27 4:36 PM 29776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-11-23 8:43 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-23 8:43 AM 74480]

R3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2009-02-28 9:00 AM 9728]

R3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;c:\windows\system32\drivers\SACMXP1.sys [2003-11-20 3:01 PM 14848]

S2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [2008-07-29 8:10 AM 73464]

S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2009-12-27 4:36 PM 1282248]

S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-12-27 4:36 PM 3291336]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 8:19 AM 1181328]

S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\PC Alert 4\NTGLM7X.SYS [2008-07-20 8:43 AM 22048]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 8:43 AM 7408]

S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\WebSTAR.sys [2008-07-08 15417]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BOCDRIVE

.

Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-12-30 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-05-22 15:50]

2009-12-28 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-10-05 13:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

.

.

------- File Associations -------

.

txtfile=c:\windows\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\mgtools\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-30 18:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(460)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(516)

c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(960)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-30 18:16:46

ComboFix-quarantined-files.txt 2009-12-30 23:16

Pre-Run: 18,551,314,944 bytes free

Post-Run: 18,524,881,920 bytes free

- - End Of File - - 60783788008F209CFE6DE20388BD07E8


Hi sal0014,

Hope you have a Happy New Year :)

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Malwarebytes' Anti-Malware 1.43

Database version: 3465

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2009-12-31 5:04:40 PM

mbam-log-2009-12-31 (17-04-40).txt

Scan type: Quick Scan

Objects scanned: 103406

Time elapsed: 14 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, December 31, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, December 31, 2009 22:11:15

Records in database: 3420436

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Objects scanned: 64796

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 02:24:30

File name / Threat / Threats count

C:\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.bjzb 1

Selected area has been scanned.


Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Happy New Year, here are the files

info.txt logfile of random's system information tool 1.06 2010-01-01 08:52:30

======Uninstall list======

-->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}

Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"

Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft Media Card Companion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}\Setup.exe" -l0x9

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

BOClean-->C:\WINDOWS\UNBOC.EXE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033

Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}

Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}

Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}

Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}

Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}

Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}

Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}

Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}

Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

Card & Board Deluxe 2-->C:\PROGRA~1\GAMES\CARD&B~1\UNWISE.EXE C:\PROGRA~1\GAMES\CARD&B~1\INSTALL.LOG

Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}

Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}

DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}

Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409

eGames GameButler-->C:\PROGRA~1\GAMES\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\GAMES\GAMEBU~1\INSTALL.LOG

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Garmin POI Loader-->MsiExec.exe /X{328019A7-0012-401D-96A2-4CDDD02675A8}

Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}

Glary Utilities 2.13.0.686-->"C:\Program Files\Glary Utilities\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9

Hoyle Card Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}\setup.exe" -l0x9 -removeonly

Hoyle Friday Night Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A17FD8C6-1AC2-46E7-AD0A-70C602C3504D}\setup.exe" -l0x9 -removeonly

Hoyle Puzzle Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}\setup.exe" -l0x9

iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 6.0 Docs-->"C:\Program Files\Microsoft Visual Studio\MSDN98\VC6intro\1033\Setup\Setup.exe"

Microsoft Visual C++ 6.0 Introductory Edition-->"C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"

MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"

NEC DISPLAY SOLUTIONS: Monitor Installer-->C:\Program Files\NEC DISPLAY SOLUTIONS\Drivers\Uninstall.exe

Nero OEM-->C:\Program Files\Nero Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NirSoft SmartSniff-->"C:\Program Files\NirSoft\SmartSniff\uninst.exe"

Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"

PC Alert 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\PC Alert 4\Uninst.isu"

PC Tools AntiVirus 6.1-->"C:\Program Files\PC Tools AntiVirus\unins000.exe"

PE Builder 3.1.10a-->"C:\Program Files\pebuilder3110a\unins000.exe"

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

Reel Deal Casino - Championship Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29A8473B-3D25-4915-9A2B-0CF50CE0DCFC}\setup.exe" -l0x9

Scientific Atlanta WebSTAR 100 & 200 series Cable Modem-->UNDPX.EXE

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

SiSoftware Sandra Lite XI.SP1 (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\unins000.exe"

Smart Defrag 1.20-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"

Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Trivial Pursuit Millennium Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Trivial Pursuit Millennium Edition\TPuninst.isu"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\grmnusb.inf

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: PC Tools AntiVirus 6.1.0.25

FW: Online Armor Firewall

======System event log======

Computer Name: WEST413

Event Code: 45062

Message: CRT invalid display type

Record Number: 24480

Source Name: ati2mtag

Time Written: 20091206205756.000000-300

Event Type: error

User:

Computer Name: WEST413

Event Code: 45062

Message: CRT invalid display type

Record Number: 24470

Source Name: ati2mtag

Time Written: 20091206164018.000000-300

Event Type: error

User:

Computer Name: WEST413

Event Code: 45062

Message: CRT invalid display type

Record Number: 24452

Source Name: ati2mtag

Time Written: 20091206154949.000000-300

Event Type: error

User:

Computer Name: WEST413

Event Code: 45062

Message: CRT invalid display type

Record Number: 24427

Source Name: ati2mtag

Time Written: 20091205095048.000000-300

Event Type: error

User:

Computer Name: WEST413

Event Code: 45062

Message: CRT invalid display type

Record Number: 24398

Source Name: ati2mtag

Time Written: 20091205021717.000000-300

Event Type: error

User:

=====Application event log=====

Computer Name: WEST413

Event Code: 1524

Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 7772

Source Name: Userenv

Time Written: 20090217031318.000000-300

Event Type: warning

User: WEST413\SharKev

Computer Name: WEST413

Event Code: 1517

Message: Windows saved user WEST413\SharKev registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7746

Source Name: Userenv

Time Written: 20090216085912.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 1524

Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 7745

Source Name: Userenv

Time Written: 20090216085906.000000-300

Event Type: warning

User: WEST413\SharKev

Computer Name: WEST413

Event Code: 1517

Message: Windows saved user WEST413\SharKev registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7706

Source Name: Userenv

Time Written: 20090213014038.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 1524

Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 7705

Source Name: Userenv

Time Written: 20090213014033.000000-300

Event Type: warning

User: WEST413\SharKev

=====Security event log=====

Computer Name: WEST413

Event Code: 514

Message: An authentication package has been loaded by the Local Security Authority.

This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Microsoft Unified Security Protocol Provider

Record Number: 49459

Source Name: Security

Time Written: 20091227123206.000000-300

Event Type: audit success

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 514

Message: An authentication package has been loaded by the Local Security Authority.

This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : NTLM

Record Number: 49458

Source Name: Security

Time Written: 20091227123206.000000-300

Event Type: audit success

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 514

Message: An authentication package has been loaded by the Local Security Authority.

This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\kerberos.dll : Kerberos

Record Number: 49457

Source Name: Security

Time Written: 20091227123206.000000-300

Event Type: audit success

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 514

Message: An authentication package has been loaded by the Local Security Authority.

This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\LSASRV.dll : Negotiate

Record Number: 49456

Source Name: Security

Time Written: 20091227123206.000000-300

Event Type: audit success

User: NT AUTHORITY\SYSTEM

Computer Name: WEST413

Event Code: 513

Message: Windows is shutting down.

All logon sessions will be terminated by this shutdown.

Record Number: 49455

Source Name: Security

Time Written: 20091227123114.000000-300

Event Type: audit success

User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Support Tools

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=0602

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)

Run by SharKev at 2010-01-01 08:51:36

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 18 GB (46%) free of 38 GB

Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:52:26 AM, on 2010-01-01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\SharKev\Desktop\RSIT.exe

C:\Program Files\trend micro\SharKev.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0...inAxControl.CAB

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

--

End of file - 5486 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE [2008-07-14 351480]

"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-04-16 1505168]

"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=

"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-01-01 08:51:38 ----D---- C:\Program Files\trend micro

2010-01-01 08:51:36 ----D---- C:\rsit

2009-12-30 18:34:35 ----SHD---- C:\RECYCLER

2009-12-30 18:16:49 ----D---- C:\WINDOWS\temp

2009-12-30 18:16:47 ----A---- C:\ComboFix.txt

2009-12-30 18:04:24 ----A---- C:\WINDOWS\zip.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\SWSC.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\SWREG.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\sed.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\PEV.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\NIRCMD.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\MBR.exe

2009-12-30 18:04:24 ----A---- C:\WINDOWS\grep.exe

2009-12-30 18:04:11 ----D---- C:\Qoobox

2009-12-28 21:20:30 ----D---- C:\MGtools

2009-12-28 20:45:24 ----A---- C:\Boot.bak

2009-12-28 20:45:14 ----RASHD---- C:\cmdcons

2009-12-28 20:35:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-28 19:25:06 ----A---- C:\MGtools.exe

2009-12-28 18:37:45 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-28 00:59:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-12-27 16:37:06 ----D---- C:\Documents and Settings\SharKev\Application Data\OnlineArmor

2009-12-27 16:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor

2009-12-27 16:36:08 ----D---- C:\Program Files\Tall Emu

2009-12-27 16:28:11 ----D---- C:\Documents and Settings\SharKev\Application Data\PC Tools

2009-12-27 16:24:37 ----D---- C:\Program Files\Common Files\PC Tools

2009-12-27 16:24:24 ----D---- C:\Program Files\PC Tools AntiVirus

2009-12-27 16:24:24 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools

2009-12-27 15:48:58 ----A---- C:\WINDOWS\system32\MFC71.dll

2009-12-27 15:48:54 ----D---- C:\Program Files\Alwil Software

2009-12-27 15:11:18 ----D---- C:\Documents and Settings\SharKev\Application Data\AVG8

2009-12-27 15:07:38 ----D---- C:\Documents and Settings\SharKev\Application Data\Registry Mechanic

2009-12-27 12:27:13 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-27 12:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-12-26 15:29:54 ----D---- C:\Program Files\Garmin

2009-12-26 15:11:03 ----D---- C:\Program Files\DIFX

2009-12-26 11:13:27 ----D---- C:\Garmin

2009-12-26 10:23:52 ----D---- C:\Documents and Settings\SharKev\Application Data\Download Manager

2009-12-26 09:26:16 ----D---- C:\Documents and Settings\SharKev\Application Data\GARMIN

2009-12-14 19:49:28 ----A---- C:\Documents and Settings\All Users\Application Data\xml7F.tmp

2009-12-14 19:49:11 ----A---- C:\Documents and Settings\All Users\Application Data\xml7E.tmp

2009-12-14 18:33:58 ----A---- C:\WINDOWS\system32\javaws.exe

2009-12-14 18:33:58 ----A---- C:\WINDOWS\system32\javaw.exe

2009-12-14 18:33:58 ----A---- C:\WINDOWS\system32\java.exe

2009-12-13 16:43:15 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-13 14:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-12-13 13:54:32 ----A---- C:\WINDOWS\wininit.ini

2009-12-13 11:10:48 ----D---- C:\Program Files\NirSoft

2009-12-13 11:09:14 ----D---- C:\Program Files\Support Tools

2009-12-13 09:24:30 ----A---- C:\WINDOWS\cfplogvw.INI

======List of files/folders modified in the last 1 months======

2010-01-01 08:51:38 ----RD---- C:\Program Files

2010-01-01 08:50:59 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-01 08:48:51 ----A---- C:\WINDOWS\BOC427.INI

2010-01-01 08:47:06 ----D---- C:\WINDOWS

2009-12-31 20:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-12-31 13:38:26 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-12-30 23:40:26 ----D---- C:\WINDOWS\Prefetch

2009-12-30 23:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-30 19:51:31 ----D---- C:\WINDOWS\system32\drivers

2009-12-30 19:07:41 ----D---- C:\Program Files\SpywareBlaster

2009-12-30 18:34:59 ----SD---- C:\WINDOWS\Tasks

2009-12-30 18:13:04 ----A---- C:\WINDOWS\system.ini

2009-12-30 18:10:30 ----D---- C:\WINDOWS\system32

2009-12-30 18:10:30 ----D---- C:\WINDOWS\AppPatch

2009-12-30 18:10:26 ----D---- C:\Program Files\Common Files

2009-12-30 18:04:17 ----D---- C:\WINDOWS\erdnt

2009-12-28 20:45:24 ----RASH---- C:\boot.ini

2009-12-28 19:27:24 ----D---- C:\Program Files\SUPERAntiSpyware

2009-12-28 00:50:26 ----SHD---- C:\WINDOWS\Installer

2009-12-28 00:50:25 ----D---- C:\Program Files\Common Files\Symantec Shared

2009-12-27 22:09:23 ----D---- C:\Program Files\pebuilder3110a

2009-12-27 16:56:43 ----D---- C:\Program Files\Comodo

2009-12-27 16:19:32 ----A---- C:\WINDOWS\win.ini

2009-12-27 15:49:36 ----D---- C:\WINDOWS\system32\config

2009-12-27 15:24:34 ----D---- C:\Documents and Settings\SharKev\Application Data\Uniblue

2009-12-27 12:30:39 ----HD---- C:\WINDOWS\inf

2009-12-27 12:30:16 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-12-27 12:26:39 ----D---- C:\Program Files\Lavasoft

2009-12-26 15:25:03 ----SD---- C:\Documents and Settings\SharKev\Application Data\Microsoft

2009-12-14 20:07:32 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-12-14 20:06:07 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-14 18:33:46 ----D---- C:\Program Files\Java

2009-12-13 11:09:16 ----D---- C:\WINDOWS\Help

2009-12-13 09:09:26 ----D---- C:\Program Files\Windows Media Player

2009-12-13 09:09:26 ----D---- C:\Program Files\QuickTime

2009-12-13 09:05:40 ----D---- C:\Documents and Settings\SharKev\Application Data\Macromedia

2009-12-13 09:05:06 ----D---- C:\Documents and Settings\SharKev\Application Data\GlarySoft

2009-12-12 18:33:24 ----D---- C:\WINDOWS\Debug

2009-12-12 03:34:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-10 19:52:28 ----D---- C:\WINDOWS\system32\en-us

2009-12-10 19:52:28 ----D---- C:\Program Files\Internet Explorer

2009-12-10 19:52:02 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]

R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []

R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []

R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]

R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]

R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]

R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728]

R3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem; C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2003-11-20 14848]

S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []

S3 catchme;catchme; \??\C:\DOCUME~1\SharKev\LOCALS~1\Temp\catchme.sys []

S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

S3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []

S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter; C:\WINDOWS\System32\DRIVERS\WebSTAR.sys [2003-03-03 15417]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]

R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]

R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-04-16 933720]

R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 552960]

S3 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-27 1181328]

S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe [2007-02-02 118784]

S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe [2007-02-02 1204416]

S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe []

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Your log looks clean, great job!

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

Now for some cleanup..

Please download OTC and save it to Desktop.

  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  • Install SpywareGuard - SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

  • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Malwarebytes

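The HOSTS-file mechanism described in the reply above (blackholing ad and tracker names by pointing them at 127.0.0.1) is also the mechanism malware abuses to produce the symptoms this thread opened with: searches landing on the wrong site and an antivirus that cannot reach its update server. The following is an added example, not code from the helper or from the MVPS project, that parses HOSTS-file syntax and flags two kinds of suspicious entries: any name mapped to a remote (non-loopback, non-0.0.0.0) address, and a protected name such as a search engine or update site that has been sinkholed. The `PROTECTED_DOMAINS` list and the `SAMPLE_HOSTS` contents are constructed for the example.

```python
"""Audit a Windows HOSTS file for hijacked entries (added example)."""
import ipaddress
from typing import Dict, List, Tuple

# Names an ad-blocking HOSTS file would never legitimately redirect.
# This list is an assumption made for the example, not from the thread.
PROTECTED_DOMAINS = {
    "google.com", "www.google.com", "bing.com",
    "malwarebytes.org", "www.windowsupdate.com", "update.microsoft.com",
}

# Constructed sample HOSTS contents: a comment, the localhost entry, two
# benign ad-blocking entries, a sinkholed update site, and two names
# redirected to a remote address (TEST-NET-3 documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net          # blocked ad server
127.0.0.1       tracker.example.org
127.0.0.1       www.windowsupdate.com    # protected site blackholed
203.0.113.45    www.google.com           # hijacked: not loopback
203.0.113.45    malwarebytes.org
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments and blank lines are skipped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                     # address with no names
            continue
        ip, *names = parts
        for name in names:                     # one line may list several names
            entries.append((ip, name.lower()))
    return entries


def is_sinkhole(ip: str) -> bool:
    """True for addresses used to blackhole a name: loopback or 0.0.0.0/::."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:                         # unparsable address is suspicious
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text: str) -> List[Dict[str, str]]:
    """Flag entries that redirect to a remote host or sinkhole a protected name."""
    findings: List[Dict[str, str]] = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if not is_sinkhole(ip):
            findings.append({"host": name, "ip": ip,
                             "reason": "redirected to a remote address"})
        elif name in PROTECTED_DOMAINS:
            findings.append({"host": name, "ip": ip,
                             "reason": "protected domain blackholed"})
    return findings


if __name__ == "__main__":
    # On a live XP machine you would read C:\WINDOWS\system32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(f"{finding['host']:25} {finding['ip']:16} {finding['reason']}")
```

A remote-address hit is the stronger signal: an ad-blocking HOSTS file never needs to send a name anywhere but the local machine, so any other address is worth explaining before trusting the file. The protected-domain check catches the quieter case where an update site has been sinkholed so the antivirus silently stops updating.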

  • 2 weeks later...

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

