I'm running the latest (1.46) version of Malwarebytes.

I'm also running Norton AV 2010 (latest version).

Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot the virus is detected again by MBAM.

A description in PREVx seems to say that this virus creates many files/copies of itself under different names so removing it may be a problem.

I've read the previous post by Kahdah and am following it.

I'll post the results to this post in case I need to ask more questions.

Thanks in advance for your help.

Hello jimnall! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

I'm running the latest (1.46) version of Malwarebytes.

I'm also running Norton AV 2010 (latest version).

Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot the virus is detected again by MBAM.

A description in PREVx seems to say that this virus creates many files/copies of itself under different names so removing it may be a problem.

I've read the previous post by Kahdah and am following it.

I'll post the results to this post in case I need to ask more questions.

Thanks in advance for your help.

OTL.TXT

OTL logfile created on: 5/23/2010 2:22:38 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 45.49 Gb Free Space | 61.04% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 67.80 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MSI-6400

Current User Name: jim nall

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)

PRC - C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (Ipswitch)

PRC - C:\Program Files\TrueSwitchEsaya\TrueWizard.exe (Esaya)

PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\Search Protection\searchprotection.exe (Yahoo! Inc)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\DualCoreCenter.exe ()

PRC - C:\Program Files\MSI\DigiCell\DigiCell.exe ()

PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

PRC - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\drgtodsc.exe (Roxio)

PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwarese2.exe (ScanSoft, Inc.)

PRC - C:\WINDOWS\system32\umonit.exe (General)

========== Modules (SafeList) ==========

MOD - D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)

SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)

========== Driver Services (SafeList) ==========

DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)

DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)

DRV - (pxkbf) -- C:\WINDOWS\system32\drivers\pxkbf.sys (Prevx)

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100523.004\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100523.004\NAVENG.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100429.001\BHDrvx86.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100513.002\IDSXpx86.sys (Symantec Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (RushTopDevice2) -- C:\Program Files\ATI Technologies\ATI.ACE\RushTop.sys (Your Corporation)

DRV - (DualCoreCenter) -- C:\Program Files\ATI Technologies\ATI.ACE\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)

DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (DigiCellDriver) -- C:\Program Files\MSI\DigiCell\NTGLM7X.sys (Your Corporation)

DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Roxio)

DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\dvd_2k.sys (Roxio)

DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)

DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\mmc_2k.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\Pwd_2k.sys (Roxio)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (fixustor) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/17 11:34:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2010/04/26 18:07:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/09 09:46:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/03 22:31:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe (General)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\searchprotection.exe (Yahoo! Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchEsaya\TrueWizard.exe (Esaya)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1261948522796 (MUCatalogWebControl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1260844933624 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1260844921389 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/TrueInstall.exe (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop BackupWallPaper: D:\PICTURES\GOD Paints\Burtchart Gardens.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/14 21:30:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/03/28 13:05:32 | 000,000,000 | ---D | M] - D:\Auto RV Truck -- [ NTFS ]

O33 - MountPoints2\{83fdb14d-ec31-11de-bbd3-0019dbcf6414}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found

O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell - "" = AutoRun

O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/14 15:09:27 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (56308550258917376)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 13:05:20 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

[2010/05/23 13:05:20 | 000,057,248 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

[2010/05/23 13:05:20 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2010/05/23 13:05:19 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

[2010/05/23 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx

[2010/05/23 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2010/05/22 20:15:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim nall\Recent

[2010/05/20 17:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/20 17:07:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/03 22:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/05/03 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar

[2010/05/03 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

[2010/05/03 22:29:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/04/28 15:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Local Settings\Application Data\Yahoo!

[2010/04/26 16:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\Ipswitch WS_FTP 12

[2010/04/26 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\OpenOffice.org 3.2 (en-US) Installation Files

[2010/04/26 12:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\W3i

[2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i

[2010/04/26 11:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free ISO Creator

[2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitch

[2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Application Data\TrueSwitch

[2010/04/24 16:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitchEsaya

[2010/04/24 10:01:33 | 000,000,000 | ---D | C] -- C:\backup boot ini

[2010/04/23 18:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo

[2010/04/23 18:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Winamp Toolbar

[2010/04/23 18:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/05/23 13:43:23 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\jim nall\NTUSER.DAT

[2010/05/23 13:05:20 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

[2010/05/23 13:05:20 | 000,057,248 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

[2010/05/23 13:05:20 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2010/05/23 13:05:19 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

[2010/05/23 13:05:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/05/23 13:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/05/23 12:58:13 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/23 12:54:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/23 12:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/23 12:53:53 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2010/05/23 00:28:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jim nall\ntuser.ini

[2010/05/23 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/05/22 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/05/22 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/05/22 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/05/22 20:16:23 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg

[2010/05/22 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/05/22 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/05/22 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/05/22 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/05/22 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/05/22 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/05/22 12:16:34 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg

[2010/05/21 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/05/21 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/05/20 19:46:35 | 000,642,842 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Cat.DB

[2010/05/20 19:46:26 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

[2010/05/20 17:07:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/20 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/05/20 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/05/19 22:06:35 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc

[2010/05/19 22:06:13 | 000,017,455 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt

[2010/05/19 11:06:30 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/05/19 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/05/18 18:30:15 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg

[2010/05/18 18:27:18 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\CCleaner.lnk

[2010/05/15 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/05/15 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/05/14 16:06:44 | 000,854,150 | ---- | M] () -- C:\00.bmp

[2010/05/14 01:36:08 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\isolate.ini

[2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdi.sys

[2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdiv.sys

[2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys

[2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnetv.inf

[2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnet.inf

[2010/05/03 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/05/03 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/05/03 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/04/29 16:16:57 | 000,007,601 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\ironx86.sys

[2010/04/29 00:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.cat

[2010/04/29 00:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.inf

[2010/04/27 22:32:28 | 000,032,636 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg

[2010/04/26 11:57:33 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk

[2010/04/26 03:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.cat

[2010/04/25 11:58:38 | 000,005,866 | --S- | M] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl

[2010/04/25 11:32:11 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/04/24 16:16:55 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk

[2010/04/24 16:16:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk

[2010/04/24 12:05:29 | 000,044,332 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010

[2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.inf

[2010/04/23 16:55:52 | 006,453,916 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 20:16:20 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg

[2010/05/22 12:16:34 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg

[2010/05/20 17:07:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/19 22:06:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc

[2010/05/19 21:29:38 | 000,017,455 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt

[2010/05/18 18:30:14 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg

[2010/05/05 12:55:13 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Volume Control.lnk

[2010/05/03 21:33:52 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Nero Burning ROM.lnk

[2010/04/29 16:16:57 | 000,001,264 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.usr

[2010/04/27 22:32:26 | 000,032,636 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg

[2010/04/26 16:55:34 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Windows Media Player.lnk

[2010/04/26 11:57:33 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk

[2010/04/25 11:58:38 | 000,005,866 | --S- | C] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl

[2010/04/25 11:32:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/04/24 16:13:35 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk

[2010/04/24 16:13:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk

[2010/04/24 12:05:20 | 000,044,332 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010

[2010/04/23 16:55:50 | 006,453,916 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/04/23 14:37:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/02/27 12:14:34 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010/02/17 14:35:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2010/02/11 18:16:45 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI

[2010/01/03 11:37:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/21 16:03:11 | 000,000,559 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini

[2009/12/20 19:53:40 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2009/12/20 19:53:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2009/12/20 19:40:17 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/12/20 19:36:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL

[2009/12/18 11:31:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/12/17 12:10:54 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/12/17 11:50:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2009/12/17 11:50:32 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66PE.ini

[2009/12/17 11:44:42 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini

[2009/12/15 10:46:31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2009/12/14 22:05:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006/08/10 18:58:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll

[2005/11/30 04:49:56 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll

[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2004/09/10 17:34:26 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll

[2002/12/10 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL

[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL

[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[2001/08/23 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2001/08/23 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2001/08/23 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2001/08/23 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2001/08/23 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== LOP Check ==========

[2010/01/24 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/01/19 17:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2009/12/18 13:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010/03/23 16:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2009/12/18 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2010/01/19 16:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/12/25 17:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark

[2010/05/23 13:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2009/12/25 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames

[2009/12/27 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010/04/26 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2010/04/02 15:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Azureus

[2010/05/18 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Canon

[2010/04/09 14:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DAK

[2010/01/19 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DriverCure

[2010/05/14 17:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\FileVOoM

[2009/12/17 11:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Leadertech

[2009/12/19 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\OpenOffice.org

[2009/12/20 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\ScanSoft

[2009/12/27 23:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\SolSuite

[2010/01/08 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Tific

[2010/04/24 16:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\TrueSwitch

[2009/12/27 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Ulead Systems

[2010/05/23 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/05/03 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/05/19 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/05/20 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/05/20 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/05/23 13:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/05/23 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/05/22 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/05/22 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/05/22 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/05/22 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/05/21 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/05/22 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/05/22 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/05/22 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/05/22 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/05/22 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/05/21 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/05/15 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/05/15 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/05/03 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/05/03 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL

[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >

[2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >

[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL

[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 5/23/2010 2:22:39 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 45.49 Gb Free Space | 61.04% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 67.80 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MSI-6400

Current User Name: jim nall

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe" = C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe:*:Enabled:Symantec Service Framework -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\yahoomessenger .exe" = C:\Program Files\Yahoo!\Messenger\yahoomessenger .exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C95D52-2172-B580-CDD3-695DDAA193BC}" = CCC Help English

"{02B232C3-46A6-03C0-EEB6-2F518E329457}" = Catalyst Control Center HydraVision Full

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0EC8FEB1-5F6C-C110-26E3-98688B131C7B}" = Catalyst Control Center Core Implementation

"{10f7091e-f017-4f66-94bc-88efd353ca60}" = Nero 9

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{1C4B921A-724F-742D-A848-87BA42680DCA}" = CCC Help Korean

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{21AA8C0C-0700-0434-A439-95A735A805D0}" = CCC Help Italian

"{234305B0-B206-26E0-263D-D62F89E58493}" = CCC Help Spanish

"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20

"{2AEB1EAF-9E1C-4361-8562-5AC7AE6AC177}" = ATI AVIVO Codecs

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{318089B6-063F-5F09-F84E-742AAA512F3B}" = CCC Help Thai

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3794889D-F4E3-C5CD-D3B0-B605D137BD9E}" = CCC Help Polish

"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series

"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser

"{3C105379-729D-992E-AFF1-3AD9D9CD5847}" = ccc-utility

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F7022C8-0E0B-DD89-0424-4DDBBEAE9662}" = Catalyst Control Center Graphics Full Existing

"{3F80E737-C04B-742F-39CF-16D472780D2F}" = CCC Help Greek

"{4003780A-8579-4701-B397-C76725BB44B1}" = CCC Help Japanese

"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{47B02FDB-17F9-A8BE-23C9-B080313DA1BD}" = CCC Help Portuguese

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5192AB64-1154-5D5B-9292-E9DF51AE4759}" = Catalyst Control Center Localization All

"{533EA890-F246-66D0-DBD2-C87078C5991B}" = CCC Help Chinese Standard

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{54C1F42B-0BA1-7CB2-F175-C2B69D7FF74E}" = ccc-core-preinstall

"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6D2C2571-E4F0-41C6-9B01-95629C06C738}" = LS_HSI

"{6E535222-B704-F8CB-C235-70CB58C362D9}" = CCC Help Swedish

"{70B59829-7C8F-C378-B9F0-78E5C9879224}" = CCC Help Russian

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77251F6F-90CB-C80D-D709-701517C6FF36}" = ccc-core-static

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{79A3E128-DE54-2E2A-99F8-37F7872A26FD}" = CCC Help Norwegian

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0

"{7AC64083-A73C-FA07-7BE9-BEFDBDCA393F}" = CCC Help Dutch

"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"{80D12CA0-52A2-4E50-9379-3B101D53B8BA}" = CCC Help French

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8D05DE05-5FC1-6C0C-8DA1-807BE4EE72BB}" = CCC Help Finnish

"{96F56519-91DF-4D42-A36D-3D4BCA0B8329}" = DAK Wave MP3 Editor PRO v6.1b

"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget

"{A083E0DD-212F-F991-EC8D-673DDD3BD9F5}" = Catalyst Control Center Graphics Light

"{A1AEDF29-CC4F-CB06-227C-ACE1C3F92A8E}" = CCC Help Hungarian

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A409609F-E81D-B613-B7AE-89D28DAAFD26}" = CCC Help Danish

"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12

"{ADF62610-0391-4ABA-E67C-8DF8F51F897E}" = CCC Help German

"{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{BAD68DAA-DA40-3681-996C-7B91959EC9CA}" = Catalyst Control Center Graphics Full New

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{CB543BA1-82D4-4B45-96BF-30D0E5ED220A}" = InstallIQ Updater

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF7D89CA-6AB3-FD7E-903B-1821EE6453B5}" = CCC Help Chinese Traditional

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D8A6B20B-C028-9C52-41BF-CA706A666B45}" = CCC Help Czech

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live

"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder

"{E13FD48B-341E-0A3F-5306-C407E60AB28F}" = CCC Help Turkish

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{EF714D4E-B503-D848-73DD-2FE18ECA7BFB}" = Catalyst Control Center Graphics Previews Common

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F4862B43-A087-4826-8C50-D41646EC7728}" = Roxio Easy Media Creator 7 Basic Edition

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack

"{F8EFF5E4-9B76-417B-A0BC-325659CFDA82}" = ImageMate 8 in 1 Read/Writer (SDDR-88)

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.57

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"BurnInTest_is1" = BurnInTest v6.0 Pro

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DAKDePopper3" = DAK DePopper 3.x

"Dell_HostCD" = Dell Printer Software Uninstall

"DualCoreCenter_is1" = DualCoreCenter

"EPSON Printer and Utilities" = EPSON Printer Software

"FixUstor" = Generic USB Mass Storage Patch Driver

"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8

"HP Imaging Device Functions" = HP Imaging Device Functions 5.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)

"Liveupdate4_is1" = Liveupdate4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2

"NAV" = Norton AntiVirus

"NVIDIA Drivers" = NVIDIA Drivers

"PCSI" = Prevx

"PE Builder_is1" = PE Builder 3.1.10a

"PerformanceTest 7_is1" = PerformanceTest v7.0

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"PPTView97" = Microsoft PowerPoint Viewer 97

"RealVNC_is1" = VNC Free Edition 4.1.3

"SolSuite" = SolSuite

"Trailer Life Directory Campground Navigator 2008_is1" = Trailer Life Directory Campground Navigator 2008

"TrueSwitch Wizard" = TrueSwitch Wizard

"Vuze" = Vuze

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detector Plug-in

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/26/2010 6:36:39 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2010 6:36:43 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 4/27/2010 11:42:06 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2010 11:42:10 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 4/27/2010 11:42:15 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2010 11:42:18 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 4/29/2010 5:19:31 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2010 5:19:35 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 4/29/2010 5:26:20 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2010 5:26:22 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

[ System Events ]

Error - 5/20/2010 8:45:41 PM | Computer Name = MSI-6400 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 5/20/2010 8:46:29 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

Error - 5/20/2010 9:00:00 PM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 5/20/2010 10:00:00 PM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

Description = The At22.job command failed to start due to the following error: %%2147942402

Error - 5/21/2010 9:54:03 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

Error - 5/22/2010 12:30:20 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

Error - 5/22/2010 1:12:27 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

Error - 5/23/2010 | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

Description = The At24.job command failed to start due to the following error: %%2147942402

Error - 5/23/2010 1:02:00 AM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 5/23/2010 1:55:08 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Cdr4_xp

< End of report >


Please use the ADDREPLY button, not NEWTOPIC.

Now:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

     [Screenshots: CF_download_FF.gif, CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
