
I've Got A Problem



MBAM removed some infected files, and things seemed to be ok again. Avira and MBAM detect no other malware or infected files.

Only my computer sometimes, if left alone long enough, goes into what I call a "zombie state," (no controls work) where it needs to be restarted (and I can't turn it off, except by manually turning it off)....

Additionally, there is DEFINITELY malware on the system because of fake "registry error" warnings, telling me to download this, or that, etc.......

Sometimes my browser opens up to a page with a video on it where they're trying to sell me some &^%^(........

Help!

I appreciate anything you can tell me. Below is a Hijack This Log................

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:17 PM, on 8/24/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe

C:\xampp\apache\bin\apache.exe

C:\Program Files\Network Associates\PGPNT\PGPtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\xampp\mysql\bin\mysqld.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\system32\svchost.exe

C:\xampp\apache\bin\apache.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O1 - Hosts: ?# Copyright © 1993-1999 Microsoft Corp.

O1 - Hosts: :: 1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Comp User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe -a

O4 - HKCU\..\Run: [PlaxoSysTray] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoSysTray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPtray.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215395254328

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215395246187

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

--

End of file - 8332 bytes


Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Here are those reports requested. Also, while running the first two (OTL) my Avira detected something and deleted it.

OTL logfile created on: 8/25/2010 12:41:50 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Comp User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 119.15 Gb Free Space | 79.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: EPOX1A

Current User Name: Comp User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

PRC - [2010/06/30 10:04:38 | 000,773,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe

PRC - [2010/03/31 11:30:21 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe

PRC - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2002/05/02 16:06:04 | 000,094,208 | ---- | M] (Network Associates Technology, Inc.) -- C:\Program Files\Network Associates\PGPNT\PGPtray.exe

PRC - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE

PRC - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE

========== Modules (SafeList) ==========

MOD - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

MOD - [2010/06/30 09:46:20 | 000,049,664 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plx_hook.dll

MOD - [2009/06/26 19:07:54 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll

MOD - [2009/06/26 19:07:52 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2002/05/02 15:53:10 | 000,028,672 | ---- | M] (Network Associates Technology, Inc.) -- C:\WINDOWS\system32\PGPhk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/23 15:12:13 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3745.dll -- (Akamai)

SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)

SRV - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service)

========== Driver Services (SafeList) ==========

DRV - [2009/12/08 00:22:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/01/13 02:02:55 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)

DRV - [2008/10/09 19:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)

DRV - [2008/10/09 19:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2008/10/09 19:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2006/11/01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2005/08/01 22:21:24 | 000,005,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hwmdr.SYS -- (hwmdr)

DRV - [2005/06/20 10:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/03/17 22:32:14 | 000,002,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epcpuid.SYS -- (epcpuid)

DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/02/24 20:04:58 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/02/24 20:04:56 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/02/11 21:11:32 | 000,016,640 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)

DRV - [2005/02/11 21:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)

DRV - [2004/11/25 22:08:34 | 000,003,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\GetBinFile.SYS -- (GetBINFile)

DRV - [2002/05/02 16:09:44 | 000,108,548 | ---- | M] (Network Associates Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)

DRV - [2002/03/17 04:07:40 | 000,006,656 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPmemlock.sys -- (PGPmemlock)

DRV - [2002/02/05 07:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2001/10/16 10:19:18 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2001/08/01 15:49:36 | 000,805,808 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}:1.9.1

FF - prefs.js..network.proxy.ftp: ":"

FF - prefs.js..network.proxy.gopher: ":"

FF - prefs.js..network.proxy.http: ":"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: ":"

FF - prefs.js..network.proxy.ssl: ":"

FF - HKLM\software\mozilla\Firefox\extensions\\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}: C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1} [2010/08/23 00:52:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 11:30:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/22 01:37:14 | 000,000,000 | ---D | M]

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2009/01/03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Firefox\Profiles\degry19s.default\extensions

[2010/08/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/04/26 01:22:33 | 000,305,813 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: :: 1 localhost

O1 - Hosts: 10528 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (100% Free Chess Toolbar Helper) - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O3 - HKU\S-1-5-21-823518204-436374069-839522115-1004\..\Toolbar\WebBrowser: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKU\.DEFAULT..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-18..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [{9D233198-CD86-C632-C461-F6FB4987BBCB}] C:\WINDOWS\System32\config\systemprofile\Application Data\Atkoy\oqsyi.exe (tckdqdekjxeyg)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [cdloader] C:\Documents and Settings\Comp User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoSysTray] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoUpdate] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPtray.exe (Network Associates Technology, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1215395254328 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215395246187 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/29 06:53:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN\AUTORUN.EXE -- File not found

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Comp User\0.3276110075307592.exe

[2010/08/25 12:41:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 00:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/08/25 00:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/08/23 01:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/08/23 01:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/08/23 01:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/08/23 00:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}

[2007/11/03 18:06:12 | 000,378,368 | ---- | C] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) -- C:\Program Files\ws_ftp95.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 12:36:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/08/25 12:36:25 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/08/25 12:36:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/25 12:36:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/25 12:36:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/25 12:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/25 01:51:56 | 006,419,736 | -H-- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\IconCache.db

[2010/08/25 01:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/25 00:38:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/24 12:22:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Comp User\NTUSER.DAT

[2010/08/24 12:22:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Comp User\ntuser.ini

[2010/08/23 15:12:17 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/23 02:55:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/08/23 00:52:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/22 22:28:28 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/20 15:07:20 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\magicJack.lnk

[2010/08/19 15:22:31 | 000,161,563 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/15 03:34:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2010/08/13 15:47:21 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:52:59 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:51 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/23 00:52:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/23 00:52:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/19 15:22:31 | 000,161,563 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/13 15:47:21 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:53:03 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:59 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[2010/06/02 03:05:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/04/12 00:39:05 | 000,088,559 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\FASTWiz.log

[2010/03/31 19:03:56 | 000,002,839 | ---- | C] () -- C:\Program Files\welcome.html

[2010/01/14 22:38:16 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2010/01/14 22:25:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Adams65.ini

[2010/01/14 20:43:10 | 000,000,302 | ---- | C] () -- C:\WINDOWS\_delis43.ini

[2010/01/04 21:52:21 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2010/01/02 02:54:44 | 000,001,217 | ---- | C] () -- C:\WINDOWS\alletter.ini

[2009/12/27 19:33:50 | 000,219,136 | ---- | C] () -- C:\WINDOWS\sqlite3_engine.dll

[2009/12/27 19:33:48 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll

[2009/12/27 15:23:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hdd.ini

[2009/08/06 22:50:48 | 000,009,059 | ---- | C] () -- C:\Program Files\configuration.php

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/07/22 16:41:38 | 000,000,371 | ---- | C] () -- C:\Program Files\WS_FTP.LOG

[2009/07/22 16:41:37 | 000,001,236 | ---- | C] () -- C:\Program Files\default.html

[2009/02/25 18:23:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\my.ini

[2009/01/13 02:02:56 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2009/01/13 02:02:55 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2009/01/09 02:40:54 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008/10/16 22:53:09 | 000,001,006 | ---- | C] () -- C:\Program Files\.htaccess

[2008/09/03 23:53:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\WebEasy.INI

[2008/06/26 09:08:20 | 000,030,823 | ---- | C] () -- C:\Program Files\skon.gif

[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007/11/03 18:07:27 | 000,001,305 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2007/09/27 13:39:16 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini

[2007/08/27 18:39:08 | 003,822,956 | -H-- | C] () -- C:\WINDOWS\System32\IRAS.sys

[2007/08/08 21:25:11 | 000,000,726 | ---- | C] () -- C:\WINDOWS\bundle.ini

[2007/08/02 19:10:20 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JPR.{PB

[2007/08/02 19:10:20 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JCM.{PB

[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007/06/24 02:21:30 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/29 17:42:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/04/29 07:20:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwmdr.SYS

[2007/04/29 07:20:33 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetBinFile.SYS

[2007/04/29 07:20:33 | 000,002,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\epcpuid.SYS

[2007/04/29 07:12:41 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2007/04/29 07:12:33 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/04/29 07:08:01 | 000,000,268 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2007/04/29 06:49:38 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\icaapi.dll

[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2004/08/04 08:00:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\dciman32.dll

[2000/05/15 15:39:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cscc.dll

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 8/25/2010 12:41:50 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Comp User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 119.15 Gb Free Space | 79.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: EPOX1A

Current User Name: Comp User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Hide This Folder] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..L File not found

Directory [Open Folder Hider] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..O File not found

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1033:TCP" = 1033:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\ws_ftp95.exe" = C:\Program Files\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files\Common Files\Eyewitness News Alert\TrueWeather.exe" = C:\Program Files\Common Files\Eyewitness News Alert\TrueWeather.exe:*:Enabled:TrueWeather -- (BIA Information Network)

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

"C:\Documents and Settings\Comp User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Comp User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{052518B7-7B12-4B45-887A-DA8E079005D6}" = Deluxe Wills and Trusts

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4CEB917-6912-48AC-8999-588A3F3A8EEF}" = PC Attorney

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86

"{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite

"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"100% Free Chess Toolbar" = 100% Free Chess Toolbar

"7-Zip" = 7-Zip 4.65

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Akamai" = Akamai NetSession Interface

"Arts & Letters EXPRESS Download" = Arts & Letters EXPRESS Download

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Brain Games Chess" = Brain Games Chess (remove only)

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"doPDF 7 printer_is1" = doPDF 7.0 printer

"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)

"EPoXMagic" = EPoX Magic BIOS

"EsetOnlineScanner" = ESET Online Scanner

"Eyewitness News Alert" = Eyewitness News Alert

"FileZilla Client" = FileZilla Client 3.3.3

"Free Folder Hider_is1" = Free Folder Hider 10.7

"Free Invoicer_is1" = Free Invoicer

"FreeChess" = 100% Free Chess 7.40

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"hwmdr" = EPoX Thunder Probe (EPTP)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Index.dat Analyzer_is1" = Index.dat Analyzer v2.5

"LimeWire" = LimeWire 4.18.8

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Norton Speed Disk" = Norton Speed Disk 6.0 for Windows NT

"Norton Utilities" = Norton Utilities 2002 for Windows

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PGP" = PGP 6.5.8ckt - Build:08

"Plaxo" = Plaxo Toolbar for Windows

"Privacy G


Hello,

I only got one report from OTL (OTL.txt). It would not give me an Extras report. I ran OTL two or three times, trying to get this report, but it didn't do it......

Here they are............

OTL logfile created on: 8/25/2010 1:10:31 PM - Run 3

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Comp User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 119.12 Gb Free Space | 79.92% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: EPOX1A

Current User Name: Comp User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

PRC - [2010/06/30 10:04:38 | 000,773,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe

PRC - [2010/03/31 11:30:21 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe

PRC - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2002/05/02 16:06:04 | 000,094,208 | ---- | M] (Network Associates Technology, Inc.) -- C:\Program Files\Network Associates\PGPNT\PGPtray.exe

PRC - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE

PRC - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE

========== Modules (SafeList) ==========

MOD - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

MOD - [2010/06/30 09:46:20 | 000,049,664 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plx_hook.dll

MOD - [2009/06/26 19:07:54 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll

MOD - [2009/06/26 19:07:52 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2002/05/02 15:53:10 | 000,028,672 | ---- | M] (Network Associates Technology, Inc.) -- C:\WINDOWS\system32\PGPhk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/23 15:12:13 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3745.dll -- (Akamai)

SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)

SRV - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service)

========== Driver Services (SafeList) ==========

DRV - [2009/12/08 00:22:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/01/13 02:02:55 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)

DRV - [2008/10/09 19:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)

DRV - [2008/10/09 19:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2008/10/09 19:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2006/11/01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2005/08/01 22:21:24 | 000,005,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hwmdr.SYS -- (hwmdr)

DRV - [2005/06/20 10:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/03/17 22:32:14 | 000,002,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epcpuid.SYS -- (epcpuid)

DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/02/24 20:04:58 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/02/24 20:04:56 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/02/11 21:11:32 | 000,016,640 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)

DRV - [2005/02/11 21:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)

DRV - [2004/11/25 22:08:34 | 000,003,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\GetBinFile.SYS -- (GetBINFile)

DRV - [2002/05/02 16:09:44 | 000,108,548 | ---- | M] (Network Associates Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)

DRV - [2002/03/17 04:07:40 | 000,006,656 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPmemlock.sys -- (PGPmemlock)

DRV - [2002/02/05 07:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2001/10/16 10:19:18 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2001/08/01 15:49:36 | 000,805,808 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}:1.9.1

FF - prefs.js..network.proxy.ftp: ":"

FF - prefs.js..network.proxy.gopher: ":"

FF - prefs.js..network.proxy.http: ":"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: ":"

FF - prefs.js..network.proxy.ssl: ":"

FF - HKLM\software\mozilla\Firefox\extensions\\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}: C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1} [2010/08/23 00:52:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 11:30:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/22 01:37:14 | 000,000,000 | ---D | M]

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2009/01/03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Firefox\Profiles\degry19s.default\extensions

[2010/08/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/04/26 01:22:33 | 000,305,813 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: :: 1 localhost

O1 - Hosts: 10528 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (100% Free Chess Toolbar Helper) - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O3 - HKU\S-1-5-21-823518204-436374069-839522115-1004\..\Toolbar\WebBrowser: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKU\.DEFAULT..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-18..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [{9D233198-CD86-C632-C461-F6FB4987BBCB}] C:\WINDOWS\System32\config\systemprofile\Application Data\Atkoy\oqsyi.exe (tckdqdekjxeyg)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [cdloader] C:\Documents and Settings\Comp User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoSysTray] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoUpdate] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPtray.exe (Network Associates Technology, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1215395254328 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215395246187 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/29 06:53:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN\AUTORUN.EXE -- File not found

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 12:41:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 00:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/08/25 00:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/08/23 01:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/08/23 01:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/08/23 01:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/08/23 00:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}

[2007/11/03 18:06:12 | 000,378,368 | ---- | C] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) -- C:\Program Files\ws_ftp95.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 13:03:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/25 12:49:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\RKUnhookerLE.EXE

[2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 12:36:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/08/25 12:36:25 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/08/25 12:36:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/25 12:36:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/25 12:36:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/25 12:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/25 01:51:56 | 006,419,736 | -H-- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\IconCache.db

[2010/08/25 00:38:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/24 12:22:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Comp User\NTUSER.DAT

[2010/08/24 12:22:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Comp User\ntuser.ini

[2010/08/23 15:12:17 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/23 02:55:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/08/23 00:52:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/22 22:28:28 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/20 15:07:20 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\magicJack.lnk

[2010/08/19 15:22:31 | 000,161,563 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/15 03:34:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2010/08/13 15:47:21 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:52:59 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:51 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 12:49:35 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\RKUnhookerLE.EXE

[2010/08/23 00:52:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/23 00:52:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/19 15:22:31 | 000,161,563 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/13 15:47:21 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:53:03 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:59 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[2010/06/02 03:05:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/04/12 00:39:05 | 000,088,559 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\FASTWiz.log

[2010/03/31 19:03:56 | 000,002,839 | ---- | C] () -- C:\Program Files\welcome.html

[2010/01/14 22:38:16 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2010/01/14 22:25:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Adams65.ini

[2010/01/14 20:43:10 | 000,000,302 | ---- | C] () -- C:\WINDOWS\_delis43.ini

[2010/01/04 21:52:21 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2010/01/02 02:54:44 | 000,001,217 | ---- | C] () -- C:\WINDOWS\alletter.ini

[2009/12/27 19:33:50 | 000,219,136 | ---- | C] () -- C:\WINDOWS\sqlite3_engine.dll

[2009/12/27 19:33:48 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll

[2009/12/27 15:23:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hdd.ini

[2009/08/06 22:50:48 | 000,009,059 | ---- | C] () -- C:\Program Files\configuration.php

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/07/22 16:41:38 | 000,000,371 | ---- | C] () -- C:\Program Files\WS_FTP.LOG

[2009/07/22 16:41:37 | 000,001,236 | ---- | C] () -- C:\Program Files\default.html

[2009/02/25 18:23:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\my.ini

[2009/01/13 02:02:56 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2009/01/13 02:02:55 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2009/01/09 02:40:54 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008/10/16 22:53:09 | 000,001,006 | ---- | C] () -- C:\Program Files\.htaccess

[2008/09/03 23:53:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\WebEasy.INI

[2008/06/26 09:08:20 | 000,030,823 | ---- | C] () -- C:\Program Files\skon.gif

[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007/11/03 18:07:27 | 000,001,305 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2007/09/27 13:39:16 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini

[2007/08/27 18:39:08 | 003,822,956 | -H-- | C] () -- C:\WINDOWS\System32\IRAS.sys

[2007/08/08 21:25:11 | 000,000,726 | ---- | C] () -- C:\WINDOWS\bundle.ini

[2007/08/02 19:10:20 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JPR.{PB

[2007/08/02 19:10:20 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JCM.{PB

[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007/06/24 02:21:30 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/29 17:42:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/04/29 07:20:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwmdr.SYS

[2007/04/29 07:20:33 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetBinFile.SYS

[2007/04/29 07:20:33 | 000,002,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\epcpuid.SYS

[2007/04/29 07:12:41 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2007/04/29 07:12:33 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/04/29 07:08:01 | 000,000,268 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2007/04/29 06:49:38 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\icaapi.dll

[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2004/08/04 08:00:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\dciman32.dll

[2000/05/15 15:39:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cscc.dll

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

-------------------------------

*****************

-------------------------------

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xF58B5000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7733248 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 190.62 )

0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5849088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 190.62 )

0xF60CF000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2326528 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF726A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xEC02F000 C:\WINDOWS\system32\DRIVERS\C-itnt.sys 565248 bytes (Xirlink, Inc, Xirlink USB Camera Driver)

0xEC0E9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF4D31000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xEC296000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB83A2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB7C81000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF6048000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 262144 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)

0xF7358000 Si3132r5.sys 225280 bytes (Silicon Image, Inc, SATA SoftRAID 5 miniport driver)

0xF6015000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 208896 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)

0xF73ED000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB876F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF723D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB79D6000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xEC181000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xEC26E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xEC0B9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF60AB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6307000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6088000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xEC24C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7320000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF73BD000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xEB718000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)

0xF7223000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB8589000 C:\WINDOWS\System32\Drivers\PGPdisk.SYS 102400 bytes (Network Associates Technology, Inc., PGPdisk Driver for Windows NT)

0xF73A5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF7340000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF72F7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF4DA0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF738F000 nvatabus.sys 90112 bytes (NVIDIA Corporation, NVIDIA


Here are those reports requested. Also, while running the first two (OTL) my Avira detected something and deleted it.

OTL logfile created on: 8/25/2010 12:41:50 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Comp User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 119.15 Gb Free Space | 79.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: EPOX1A

Current User Name: Comp User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

PRC - [2010/06/30 10:04:38 | 000,773,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe

PRC - [2010/03/31 11:30:21 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe

PRC - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2002/05/02 16:06:04 | 000,094,208 | ---- | M] (Network Associates Technology, Inc.) -- C:\Program Files\Network Associates\PGPNT\PGPtray.exe

PRC - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE

PRC - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE

========== Modules (SafeList) ==========

MOD - [2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

MOD - [2010/06/30 09:46:20 | 000,049,664 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plx_hook.dll

MOD - [2009/06/26 19:07:54 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll

MOD - [2009/06/26 19:07:52 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2002/05/02 15:53:10 | 000,028,672 | ---- | M] (Network Associates Technology, Inc.) -- C:\WINDOWS\system32\PGPhk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/23 15:12:13 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3745.dll -- (Akamai)

SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/12/09 19:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)

SRV - [2008/11/15 00:53:14 | 006,447,744 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2002/02/05 07:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2002/01/30 07:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service)

========== Driver Services (SafeList) ==========

DRV - [2009/12/08 00:22:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/01/13 02:02:55 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)

DRV - [2008/10/09 19:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)

DRV - [2008/10/09 19:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2008/10/09 19:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)

DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2006/11/01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2005/08/01 22:21:24 | 000,005,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hwmdr.SYS -- (hwmdr)

DRV - [2005/06/20 10:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/03/17 22:32:14 | 000,002,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epcpuid.SYS -- (epcpuid)

DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/02/24 20:04:58 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/02/24 20:04:56 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/02/11 21:11:32 | 000,016,640 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)

DRV - [2005/02/11 21:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)

DRV - [2004/11/25 22:08:34 | 000,003,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\GetBinFile.SYS -- (GetBINFile)

DRV - [2002/05/02 16:09:44 | 000,108,548 | ---- | M] (Network Associates Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)

DRV - [2002/03/17 04:07:40 | 000,006,656 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPmemlock.sys -- (PGPmemlock)

DRV - [2002/02/05 07:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2001/10/16 10:19:18 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2001/08/01 15:49:36 | 000,805,808 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-823518204-436374069-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}:1.9.1

FF - prefs.js..network.proxy.ftp: ":"

FF - prefs.js..network.proxy.gopher: ":"

FF - prefs.js..network.proxy.http: ":"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: ":"

FF - prefs.js..network.proxy.ssl: ":"

FF - HKLM\software\mozilla\Firefox\extensions\\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}: C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1} [2010/08/23 00:52:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 11:30:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/22 01:37:14 | 000,000,000 | ---D | M]

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions

[2009/03/25 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2009/01/03 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comp User\Application Data\Mozilla\Firefox\Profiles\degry19s.default\extensions

[2010/08/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/04/26 01:22:33 | 000,305,813 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: :: 1 localhost

O1 - Hosts: 10528 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (100% Free Chess Toolbar Helper) - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O3 - HKU\S-1-5-21-823518204-436374069-839522115-1004\..\Toolbar\WebBrowser: (100% Free Chess Toolbar) - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program Files\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKU\.DEFAULT..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-18..\Run: [Tjijagurinaz] C:\WINDOWS\ksmsri0.DLL (MaresWEB)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [{9D233198-CD86-C632-C461-F6FB4987BBCB}] C:\WINDOWS\System32\config\systemprofile\Application Data\Atkoy\oqsyi.exe (tckdqdekjxeyg)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [cdloader] C:\Documents and Settings\Comp User\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoSysTray] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)

O4 - HKU\S-1-5-21-823518204-436374069-839522115-1004..\Run: [PlaxoUpdate] C:\Documents and Settings\Comp User\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPtray.exe (Network Associates Technology, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1215395254328 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1215395246187 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Comp User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/29 06:53:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{48a250dd-f614-11db-8311-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN\AUTORUN.EXE -- File not found

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Comp User\0.3276110075307592.exe

[2010/08/25 12:41:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 00:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/08/25 00:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/08/23 01:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/08/23 01:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/08/23 01:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/08/23 00:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comp User\Local Settings\Application Data\{F70B22BD-4C15-4531-8E4F-8F9FFCB6C4F1}

[2007/11/03 18:06:12 | 000,378,368 | ---- | C] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) -- C:\Program Files\ws_ftp95.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 12:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comp User\Desktop\OTL.exe

[2010/08/25 12:36:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/08/25 12:36:25 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/08/25 12:36:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/25 12:36:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/25 12:36:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/25 12:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/25 01:51:56 | 006,419,736 | -H-- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\IconCache.db

[2010/08/25 01:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/25 00:38:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/24 12:22:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Comp User\NTUSER.DAT

[2010/08/24 12:22:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Comp User\ntuser.ini

[2010/08/23 15:12:17 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/23 02:55:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/08/23 00:52:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/22 22:28:28 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/20 15:07:20 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\magicJack.lnk

[2010/08/19 15:22:31 | 000,161,563 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/15 03:34:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2010/08/13 15:47:21 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:52:59 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:51 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/23 00:52:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ilufocaliroquq.bin

[2010/08/23 00:52:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sdivuvarukurur.dat

[2010/08/19 15:22:31 | 000,161,563 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\DisplayPdf.pdf

[2010/08/13 15:47:21 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Comp User\My Documents\55.doc

[2010/08/13 02:22:37 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Free Chess.lnk

[2010/07/26 23:53:03 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010(2).xls

[2010/07/26 18:19:59 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Comp User\Desktop\PRODUCTWEIGHTS_2010.xls

[2010/06/02 03:05:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/04/12 00:39:05 | 000,088,559 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\FASTWiz.log

[2010/03/31 19:03:56 | 000,002,839 | ---- | C] () -- C:\Program Files\welcome.html

[2010/01/14 22:38:16 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2010/01/14 22:25:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Adams65.ini

[2010/01/14 20:43:10 | 000,000,302 | ---- | C] () -- C:\WINDOWS\_delis43.ini

[2010/01/04 21:52:21 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2010/01/02 02:54:44 | 000,001,217 | ---- | C] () -- C:\WINDOWS\alletter.ini

[2009/12/27 19:33:50 | 000,219,136 | ---- | C] () -- C:\WINDOWS\sqlite3_engine.dll

[2009/12/27 19:33:48 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll

[2009/12/27 15:23:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hdd.ini

[2009/08/06 22:50:48 | 000,009,059 | ---- | C] () -- C:\Program Files\configuration.php

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/07/22 16:41:38 | 000,000,371 | ---- | C] () -- C:\Program Files\WS_FTP.LOG

[2009/07/22 16:41:37 | 000,001,236 | ---- | C] () -- C:\Program Files\default.html

[2009/02/25 18:23:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\my.ini

[2009/01/13 02:02:56 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2009/01/13 02:02:55 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2009/01/09 02:40:54 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008/10/16 22:53:09 | 000,001,006 | ---- | C] () -- C:\Program Files\.htaccess

[2008/09/03 23:53:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\WebEasy.INI

[2008/06/26 09:08:20 | 000,030,823 | ---- | C] () -- C:\Program Files\skon.gif

[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007/11/03 18:07:27 | 000,001,305 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI

[2007/09/27 13:39:16 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini

[2007/08/27 18:39:08 | 003,822,956 | -H-- | C] () -- C:\WINDOWS\System32\IRAS.sys

[2007/08/08 21:25:11 | 000,000,726 | ---- | C] () -- C:\WINDOWS\bundle.ini

[2007/08/02 19:10:20 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JPR.{PB

[2007/08/02 19:10:20 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Comp User\Application Data\PFP100JCM.{PB

[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007/06/24 02:21:30 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Comp User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/29 17:42:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/04/29 07:20:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwmdr.SYS

[2007/04/29 07:20:33 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetBinFile.SYS

[2007/04/29 07:20:33 | 000,002,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\epcpuid.SYS

[2007/04/29 07:12:41 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2007/04/29 07:12:33 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/04/29 07:08:01 | 000,000,268 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2007/04/29 06:49:38 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\icaapi.dll

[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2004/08/04 08:00:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\dciman32.dll

[2000/05/15 15:39:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cscc.dll

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 8/25/2010 12:41:50 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Comp User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 119.15 Gb Free Space | 79.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: EPOX1A

Current User Name: Comp User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-436374069-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Hide This Folder] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..L File not found

Directory [Open Folder Hider] -- C:\Program Files\FreeFolderHider\FolderHider.exe %1..O File not found

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1033:TCP" = 1033:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\ws_ftp95.exe" = C:\Program Files\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files\Common Files\Eyewitness News Alert\TrueWeather.exe" = C:\Program Files\Common Files\Eyewitness News Alert\TrueWeather.exe:*:Enabled:TrueWeather -- (BIA Information Network)

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

"C:\Documents and Settings\Comp User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Comp User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{052518B7-7B12-4B45-887A-DA8E079005D6}" = Deluxe Wills and Trusts

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4CEB917-6912-48AC-8999-588A3F3A8EEF}" = PC Attorney

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86

"{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite

"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"100% Free Chess Toolbar" = 100% Free Chess Toolbar

"7-Zip" = 7-Zip 4.65

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Akamai" = Akamai NetSession Interface

"Arts & Letters EXPRESS Download" = Arts & Letters EXPRESS Download

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Brain Games Chess" = Brain Games Chess (remove only)

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"doPDF 7 printer_is1" = doPDF 7.0 printer

"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)

"EPoXMagic" = EPoX Magic BIOS

"EsetOnlineScanner" = ESET Online Scanner

"Eyewitness News Alert" = Eyewitness News Alert

"FileZilla Client" = FileZilla Client 3.3.3

"Free Folder Hider_is1" = Free Folder Hider 10.7

"Free Invoicer_is1" = Free Invoicer

"FreeChess" = 100% Free Chess 7.40

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"hwmdr" = EPoX Thunder Probe (EPTP)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Index.dat Analyzer_is1" = Index.dat Analyzer v2.5

"LimeWire" = LimeWire 4.18.8

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Norton Speed Disk" = Norton Speed Disk 6.0 for Windows NT

"Norton Utilities" = Norton Utilities 2002 for Windows

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PGP" = PGP 6.5.8ckt - Build:08

"Plaxo" = Plaxo Toolbar for Windows

"Privacy Guardian_is1" = Privacy Guardian 4.


NOTE: The above (2nd) reply was what I did AFTER attempting to post the initial, first reply. I was getting a "connection interrupted" message and I did not know if the reply went through, so I ran OTL and the other program again, and generated new reports.

I didn't mean to be redundant; I just didn't know if I got through or not.


Hello there,

These connection reset errors are typical for this infection. Before starting to clean things, please read the following:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
