Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Rogue System Tool


jkal
 Share

Recommended Posts

Hello - Last night I downloaded a bad virus that Security Essentials did not detect. MB in SAFE MODE along wity Spybot and Super-Anit Spyware seemed to do the trick. However, another scan by SPYBOT uncovered the same Trojan, yet MB and SAS and MSec ESS are all clean.

Web pages are loading slowly, however, there are no re-directs. Any help would be greatly appreciated.

Thanks

mbam_log_2010_12_15__00_06_36_.txt

Link to post
Share on other sites

Hello jkal! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

Link to post
Share on other sites

Borislav -

Thanks for your input. You were very helpful to my a few months back...nice working with you again.

Here you go:

OTL logfile created on: 12/16/2010 6:38:35 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free

9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 5373 5373 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFS

Drive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFS

Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)

PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (LiveTurbineMessageService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)

SRV - (LiveTurbineNetworkService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)

SRV - (Viewpoint Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found

DRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not found

DRV - (cpuz130) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys File not found

DRV - (catchme) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\catchme.sys File not found

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)

DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)

DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)

DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)

DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)

DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)

DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)

DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {C4211278-C4BC-42CA-B51E-5003A82EBDD4}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{C4211278-C4BC-42CA-B51E-5003A82EBDD4}: C:\Documents and Settings\Jim\Local Settings\Application Data\{C4211278-C4BC-42CA-B51E-5003A82EBDD4} [2010/08/29 09:46:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/20 18:49:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/04 12:50:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 18:48:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:49:09 | 000,000,000 | ---D | M]

[2010/03/27 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions

[2010/03/27 14:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/10/13 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions

[2010/07/28 11:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/12 19:17:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/04/19 19:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/04 12:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/10 20:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/07/12 19:17:01 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/07/12 19:17:01 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2008/08/05 15:58:52 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

[2008/08/05 15:59:16 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/07/12 19:17:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/10/20 18:48:52 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/05/01 23:11:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/20 18:49:09 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/10/20 18:48:43 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/07/12 19:17:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/07/12 19:17:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/07/12 19:17:09 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/12 19:17:09 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/07/12 19:17:09 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/12 19:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/07/12 19:17:09 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/12/15 20:16:07 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSB2Check] C:\WINDOWS\system32\PCLECoInst.DLL (Pinnacle Systems)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1194645270687 (MUWebControl Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s...yri_4.3.1.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/09 11:27:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 18:37:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe

[2010/12/15 19:33:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent

[2010/12/14 22:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301

[2010/12/14 21:34:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/14 21:33:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010/12/01 11:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\PMB Files

[2010/12/01 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2010/12/01 11:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks

[2010/11/21 10:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2010/11/18 12:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[2009/11/25 22:43:22 | 001,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Program Files\59B770ebQ.exe

[2008/10/13 17:25:29 | 009,679,360 | ---- | C] (TomTom | Macrovision Corporation) -- C:\Program Files\TomTomHOMEwinlatest.exe

[2008/10/13 17:16:11 | 019,411,496 | ---- | C] (TomTom International B.V.) -- C:\Program Files\TomTomHOME2winlatest.exe

[2007/11/22 22:18:02 | 000,585,257 | ---- | C] (TablEdit ) -- C:\Program Files\tabled32.exe

[2007/11/20 19:03:15 | 003,469,976 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXCodec.exe

[1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL

[1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL

[1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL

[1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL

[1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL

[1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/16 18:38:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job

[2010/12/16 18:38:01 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job

[2010/12/16 18:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe

[2010/12/16 16:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/12/15 20:16:07 | 000,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/12/15 19:37:55 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/12/15 19:37:40 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2010/12/15 19:37:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/15 19:36:14 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

[2010/12/15 19:33:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/15 03:21:44 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/12 10:51:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/12/12 10:50:45 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/08 10:56:26 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB

[2010/12/06 23:07:55 | 036,980,540 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav

[2010/12/05 20:02:59 | 000,500,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/12/05 20:02:59 | 000,095,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/12/04 01:59:34 | 003,262,588 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3

[2010/11/30 18:50:20 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/21 14:54:47 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk

[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/13 21:01:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job

[2010/12/13 21:01:47 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job

[2010/12/08 10:56:26 | 000,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB

[2010/12/06 23:07:55 | 036,980,540 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav

[2010/12/04 01:59:34 | 003,262,588 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3

[2010/11/30 18:50:20 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url

[2010/11/21 14:54:47 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk

[2010/06/11 02:08:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2

[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2

[2009/11/15 10:34:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat

[2009/10/12 19:51:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache

[2009/09/03 20:09:43 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5at.gif

[2009/09/03 20:09:43 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5zn.gif

[2009/09/03 20:09:43 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5by.gif

[2009/08/07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/07/13 05:18:16 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/07/13 05:18:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/06/21 16:49:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2009/05/17 17:35:19 | 000,137,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/05/17 17:35:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\PnkBstrK.sys

[2009/05/10 20:44:25 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini

[2009/03/10 13:27:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/02/16 14:52:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2008/08/05 16:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/08/05 15:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008/05/19 00:37:11 | 004,846,342 | ---- | C] () -- C:\Program Files\REVISED BACK ART.bmp

[2008/03/21 22:50:04 | 000,142,749 | ---- | C] () -- C:\Program Files\morebackcover3ix0.jpg

[2008/03/21 22:47:18 | 000,041,392 | ---- | C] () -- C:\Program Files\coverart3xb3.jpg

[2008/03/21 21:59:02 | 000,093,218 | ---- | C] () -- C:\Program Files\untitled444.PNG

[2008/03/21 21:50:53 | 000,113,997 | ---- | C] () -- C:\Program Files\untitled333.PNG

[2008/03/20 16:57:25 | 000,102,447 | ---- | C] () -- C:\Program Files\untitled222.PNG

[2008/03/20 15:34:21 | 000,129,823 | ---- | C] () -- C:\Program Files\untitled.bmp

[2008/03/14 23:26:20 | 000,135,318 | ---- | C] () -- C:\Program Files\cdstomperew5.png

[2008/03/08 02:21:51 | 000,498,870 | ---- | C] () -- C:\Program Files\cd3.bmp

[2008/03/08 02:07:40 | 000,498,870 | ---- | C] () -- C:\Program Files\cd sticker2.bmp

[2008/03/08 02:04:17 | 001,562,706 | ---- | C] () -- C:\Program Files\cd2.bmp

[2008/02/28 18:39:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini

[2008/02/27 15:35:44 | 026,166,770 | ---- | C] () -- C:\Program Files\NAV05ENG.exe

[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2008/01/16 11:58:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008/01/16 11:58:30 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/12/24 22:39:08 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/09 12:01:24 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini

[2007/11/25 19:53:05 | 009,479,520 | ---- | C] () -- C:\Program Files\winzip111.exe

[2007/11/22 22:18:24 | 000,002,545 | ---- | C] () -- C:\WINDOWS\tabled32.ini

[2007/11/14 15:58:02 | 000,000,707 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI

[2007/11/14 15:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini

[2007/11/12 22:48:37 | 000,002,543 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/11/11 09:48:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/11/11 00:59:51 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/11/11 00:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2007/11/10 14:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/11/10 14:47:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini

[2007/11/09 18:56:21 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll

[2007/11/09 18:55:41 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll

[2007/11/09 17:28:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/11/09 17:28:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2007/11/09 17:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2007/11/09 16:29:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/11/09 05:16:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/05/31 09:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2009/11/09 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2009/09/25 19:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2010/11/21 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2010/04/08 19:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2010/12/14 23:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301

[2010/12/13 20:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2009/03/10 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/12/01 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2007/11/09 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2010/05/16 14:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10

[2010/01/24 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

[2008/10/13 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/05/11 13:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine

[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2008/11/30 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/03/17 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2008/06/27 18:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

[2009/09/17 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/10/14 12:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/09/03 20:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Bioshock

[2009/04/19 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Braid

[2009/10/11 10:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/02/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Comcast

[2008/03/17 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Command & Conquer 3 Tiberium Wars Demo

[2010/02/20 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Games

[2009/07/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Gearbox Software

[2009/07/12 21:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo

[2007/11/10 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech

[2008/08/22 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\LimeWire

[2009/07/14 21:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\My Games

[2009/09/03 18:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\NationRed

[2008/08/27 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Notepad++

[2009/02/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\pdf995

[2010/05/16 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Publish Providers

[2009/07/12 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SaintXi

[2010/05/16 18:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sony

[2009/09/13 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SteamPopCapv1001

[2010/12/13 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TaxCut

[2009/06/21 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Creative Assembly

[2009/06/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Path

[2008/03/06 21:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom

[2010/05/16 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Tropico 3 Demo

[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Ubisoft

[2010/05/15 15:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Unity

[2008/11/30 14:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 12/16/2010 6:38:35 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free

9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 5373 5373 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFS

Drive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFS

Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster

"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster

"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"C:\WINDOWS\system32\defrag.exe" = C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag -- (Microsoft Corp. and Executive Software International, Inc.)

"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)

"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe" = C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)

"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()

"C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)

"C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)

"C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()

"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()

"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()

"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe:*:Enabled:R.U.S.E. Demo -- (Eugen Systems)

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Disabled:${SafeProductName} ${FirewallName_Game} -- (BioWare)

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Disabled:${SafeProductName} ${FirewallName_Launcher} -- (BioWare)

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Disabled:${SafeProductName} ${FirewallName_Updater} -- (BioWare)

"C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9175D434-CEE7-486F-BE09-15C4A18ABC9C}" = TaxCut Illinois 2008

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe

Link to post
Share on other sites

Me too. :rolleyes:

Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\Documents and Settings\All Users\Application Data\gIoAl06301
C:\WINDOWS\*.tmp
C:\WINDOWS\Fonts\*.tmp
C:\Documents and Settings\Jim\Application Data\*.gif
C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2
C:\Documents and Settings\All Users\Application Data\TA45p2

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Link to post
Share on other sites

Here you go:

All processes killed

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\gIoAl06301 folder moved successfully.

C:\WINDOWS\8F1A20DC251D47B091B7DCA2523EE6C9.TMP folder moved successfully.

C:\WINDOWS\msdownld.tmp folder moved successfully.

C:\WINDOWS\Fonts\SET479.tmp moved successfully.

C:\WINDOWS\Fonts\SET47A.tmp moved successfully.

C:\WINDOWS\Fonts\SET47B.tmp moved successfully.

C:\WINDOWS\Fonts\SET47C.tmp moved successfully.

C:\WINDOWS\Fonts\SET47D.tmp moved successfully.

C:\WINDOWS\Fonts\SET47E.tmp moved successfully.

C:\WINDOWS\Fonts\SET55F.tmp moved successfully.

C:\WINDOWS\Fonts\SET560.tmp moved successfully.

C:\WINDOWS\Fonts\SET561.tmp moved successfully.

C:\WINDOWS\Fonts\SET562.tmp moved successfully.

C:\WINDOWS\Fonts\SET563.tmp moved successfully.

C:\WINDOWS\Fonts\SET564.tmp moved successfully.

C:\Documents and Settings\Jim\Application Data\YQzcnqK5at.gif moved successfully.

C:\Documents and Settings\Jim\Application Data\YQzcnqK5by.gif moved successfully.

C:\Documents and Settings\Jim\Application Data\YQzcnqK5zn.gif moved successfully.

C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2 moved successfully.

C:\Documents and Settings\All Users\Application Data\TA45p2 moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Jim

->Temp folder emptied: 1596 bytes

->Temporary Internet Files folder emptied: 9191215 bytes

->Java cache emptied: 57311 bytes

->FireFox cache emptied: 38635864 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 88361 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 867668 bytes

->Temporary Internet Files folder emptied: 1448108 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21578 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26522996 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12172010_194731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5364

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

12/20/2010 9:39:09 PM

mbam-log-2010-12-20 (21-39-09).txt

Scan type: Quick scan

Objects scanned: 156784

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Borislav -

Thanks. I did so and thought everything was clean...but now, during a nightly full scan, Security Essentials found (and removed) the following: Trojan:Win32/Hiloti.gen!D. Don't get it - everything seemed fine and the only thing that was done ( I think - as I have teenage kids...) was a 24-hour STEAM game download. A subsequent QUICK SCAN from MSE came up clean as did a MWB QUICKSCAN.

Could this be related to the first one? Or - do you think it's totally unrelated?

As always, I really appreciate your help and guidance. Wishing you and yours the best of the season.

Jk

Link to post
Share on other sites

Good catch!

More information about this threat:

http://www.microsoft.com/security/portal/T...iloti.gen!D

I need to know location to the file which was deleted by MSE. Open MSE, go to History tab, tick All detected items and click on the latest found threat (at the top of list) and you will see more about this detection. Under Items: , you will see location, please post in your next reply.

I want to check whether there is something we have already deleted (everything we've deleted is stored in the backup of OTL).

P.S.: Thanks for the wishes and to you too. I hope to be able to solve the problem before the holidays.

Link to post
Share on other sites

Borislav -

Here's what the history shows: FILE C:/WINDOWS/MSXSRSHC.DLL

PROCESS: PID: 12180

PROCESS: PID: 1752

REG KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFA

RUN KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFA

Thanks

Jk

Link to post
Share on other sites

It seems something we've missed. Let's check:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

Borislav -

Before we proceed, I thought you should know this: I reviewed my MWB log and back on 6/30, this is the exact file that you and I first worked on together. Could it be MSE just somehow picked it up from the Quarantine?

Forgive me if what I suggest sounds foolish.

Thanks,

JK

Link to post
Share on other sites

Borislav -

Merry Christmas!

I'm not sure if I did that right, however, I didn't see a place to copy a log file. Just copied what was found to clipboard and sent. Also restarted.

This morning I noticed occasional re-directs via Google that seem to be okay now. After the restart, it said the squidbot.dll was missing. I take that as a good sign. Will that error message continually pop up?

Thanks again. I await your next instructions - whenever is convenient for you.

JK

Link to post
Share on other sites

This error is very strange. I want additional scan for sure:

Please do an online scan with Kaspersky WebScanner

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

[*]Please post this log in your next reply.

Link to post
Share on other sites

Borislav -

Just scanned using SPYBOT - didn't remove this but thought you should see it. Should I FIX SELECTED PROBLEMS or wait for another scan?

Thanks

JK

Virtumonde.prx: [sBI $B6BF2145] Autorun settings (Jyefizoyizi) (Registry value, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyefizoyizi

Statcounter: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

AdBrite: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

Zedo: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

DoubleClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

LinkSynergy: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

FastClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

Right Media: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

BurstMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-04-28 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-07-28 advcheck.dll (1.6.3.17)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2010-10-05 Includes\Adware.sbi (*)

2010-11-30 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2010-12-14 Includes\Dialer.sbi (*)

2010-12-14 Includes\DialerC.sbi (*)

2010-01-25 Includes\HeavyDuty.sbi (*)

2010-11-30 Includes\Hijackers.sbi (*)

2010-11-30 Includes\HijackersC.sbi (*)

2010-09-15 Includes\iPhone.sbi (*)

2010-12-14 Includes\Keyloggers.sbi (*)

2010-12-14 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2010-12-14 Includes\Malware.sbi (*)

2010-12-22 Includes\MalwareC.sbi (*)

2010-05-18 Includes\PUPS.sbi (*)

2010-12-14 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2010-12-14 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2010-12-14 Includes\Spyware.sbi (*)

2010-12-14 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2010-11-02 Includes\Trojans.sbi (*)

2010-12-17 Includes\TrojansC-02.sbi (*)

2010-12-16 Includes\TrojansC-03.sbi (*)

2010-12-16 Includes\TrojansC-04.sbi (*)

2010-12-21 Includes\TrojansC-05.sbi (*)

2010-12-16 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.