jkal Posted December 16, 2010 ID:361602 Share Posted December 16, 2010 Hello - Last night I downloaded a bad virus that Security Essentials did not detect. MB in SAFE MODE along wity Spybot and Super-Anit Spyware seemed to do the trick. However, another scan by SPYBOT uncovered the same Trojan, yet MB and SAS and MSec ESS are all clean.Web pages are loading slowly, however, there are no re-directs. Any help would be greatly appreciated.Thanksmbam_log_2010_12_15__00_06_36_.txt Link to post Share on other sites More sharing options...
Maniac Posted December 16, 2010 ID:361691 Share Posted December 16, 2010 Hello jkal! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.A copy of an OTL fix log is saved in a text file at :\_OTL\Moved Filesin most cases this will be C:\_OTL\Moved Files Link to post Share on other sites More sharing options...
jkal Posted December 17, 2010 Author ID:362133 Share Posted December 17, 2010 Borislav -Thanks for your input. You were very helpful to my a few months back...nice working with you again.Here you go:OTL logfile created on: 12/16/2010 6:38:35 PM - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File freePaging file location(s): C:\pagefile.sys 5373 5373 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFSDrive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFSComputer Name: JIM-1 | User Name: Jim | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools)PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)PRC - C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)========== Modules (SafeList) ==========MOD - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)========== Win32 Services (SafeList) ==========SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not foundSRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not foundSRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)SRV - (LiveTurbineMessageService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)SRV - (LiveTurbineNetworkService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)SRV - (Viewpoint Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)========== Driver Services (SafeList) ==========DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not foundDRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not foundDRV - (cpuz130) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys File not foundDRV - (catchme) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\catchme.sys File not foundDRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21FF - prefs.js..extensions.enabledItems: {C4211278-C4BC-42CA-B51E-5003A82EBDD4}:1.9.1FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:25 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{C4211278-C4BC-42CA-B51E-5003A82EBDD4}: C:\Documents and Settings\Jim\Local Settings\Application Data\{C4211278-C4BC-42CA-B51E-5003A82EBDD4} [2010/08/29 09:46:59 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/20 18:49:03 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/04 12:50:34 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 18:48:52 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:49:09 | 000,000,000 | ---D | M][2010/03/27 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions[2010/03/27 14:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2008/10/13 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\home2@tomtom.com[2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions[2010/07/28 11:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010/07/12 19:17:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2010/04/19 19:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}[2010/09/04 12:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}[2010/11/10 20:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}[2010/07/12 19:17:01 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll[2010/07/12 19:17:01 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll[2008/08/05 15:58:52 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll[2008/08/05 15:59:16 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll[2010/07/12 19:17:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll[2010/10/20 18:48:52 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll[2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll[2010/05/01 23:11:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll[2010/10/20 18:49:09 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll[2010/10/20 18:48:43 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll[2010/07/12 19:17:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml[2010/07/12 19:17:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml[2010/07/12 19:17:09 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml[2010/07/12 19:17:09 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml[2010/07/12 19:17:09 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml[2010/07/12 19:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml[2010/07/12 19:17:09 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xmlO1 HOSTS File: ([2010/12/15 20:16:07 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not foundO3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [uSB2Check] C:\WINDOWS\system32\PCLECoInst.DLL (Pinnacle Systems)O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1194645270687 (MUWebControl Class)O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s...yri_4.3.1.0.cab (SysInfo Class)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not foundO20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not foundO21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007/11/09 11:27:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not foundO33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found========== Files/Folders - Created Within 30 Days ==========[2010/12/16 18:37:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe[2010/12/15 19:33:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent[2010/12/14 22:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301[2010/12/14 21:34:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys[2010/12/14 21:33:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe[2010/12/01 11:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\PMB Files[2010/12/01 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files[2010/12/01 11:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks[2010/11/21 10:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3[2010/11/18 12:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll[2009/11/25 22:43:22 | 001,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Program Files\59B770ebQ.exe[2008/10/13 17:25:29 | 009,679,360 | ---- | C] (TomTom | Macrovision Corporation) -- C:\Program Files\TomTomHOMEwinlatest.exe[2008/10/13 17:16:11 | 019,411,496 | ---- | C] (TomTom International B.V.) -- C:\Program Files\TomTomHOME2winlatest.exe[2007/11/22 22:18:02 | 000,585,257 | ---- | C] (TablEdit ) -- C:\Program Files\tabled32.exe[2007/11/20 19:03:15 | 003,469,976 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXCodec.exe[1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL[1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL[1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL[1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL[1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL[1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/12/16 18:38:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job[2010/12/16 18:38:01 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job[2010/12/16 18:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe[2010/12/16 16:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/12/15 20:16:07 | 000,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/12/15 19:37:55 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2010/12/15 19:37:40 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics[2010/12/15 19:37:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/12/15 19:36:14 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX[2010/12/15 19:33:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/12/15 03:21:44 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/12/12 10:51:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2010/12/12 10:50:45 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/12/08 10:56:26 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB[2010/12/06 23:07:55 | 036,980,540 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav[2010/12/05 20:02:59 | 000,500,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/12/05 20:02:59 | 000,095,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/12/04 01:59:34 | 003,262,588 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3[2010/11/30 18:50:20 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/11/21 14:54:47 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2010/12/13 21:01:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job[2010/12/13 21:01:47 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job[2010/12/08 10:56:26 | 000,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB[2010/12/06 23:07:55 | 036,980,540 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav[2010/12/04 01:59:34 | 003,262,588 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3[2010/11/30 18:50:20 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url[2010/11/21 14:54:47 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk[2010/06/11 02:08:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2[2009/11/15 10:34:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat[2009/10/12 19:51:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache[2009/09/03 20:09:43 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5at.gif[2009/09/03 20:09:43 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5zn.gif[2009/09/03 20:09:43 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5by.gif[2009/08/07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2009/07/13 05:18:16 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2009/07/13 05:18:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2009/06/21 16:49:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini[2009/05/17 17:35:19 | 000,137,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2009/05/17 17:35:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\PnkBstrK.sys[2009/05/10 20:44:25 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini[2009/03/10 13:27:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2009/02/16 14:52:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini[2008/08/05 16:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2008/08/05 15:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll[2008/05/19 00:37:11 | 004,846,342 | ---- | C] () -- C:\Program Files\REVISED BACK ART.bmp[2008/03/21 22:50:04 | 000,142,749 | ---- | C] () -- C:\Program Files\morebackcover3ix0.jpg[2008/03/21 22:47:18 | 000,041,392 | ---- | C] () -- C:\Program Files\coverart3xb3.jpg[2008/03/21 21:59:02 | 000,093,218 | ---- | C] () -- C:\Program Files\untitled444.PNG[2008/03/21 21:50:53 | 000,113,997 | ---- | C] () -- C:\Program Files\untitled333.PNG[2008/03/20 16:57:25 | 000,102,447 | ---- | C] () -- C:\Program Files\untitled222.PNG[2008/03/20 15:34:21 | 000,129,823 | ---- | C] () -- C:\Program Files\untitled.bmp[2008/03/14 23:26:20 | 000,135,318 | ---- | C] () -- C:\Program Files\cdstomperew5.png[2008/03/08 02:21:51 | 000,498,870 | ---- | C] () -- C:\Program Files\cd3.bmp[2008/03/08 02:07:40 | 000,498,870 | ---- | C] () -- C:\Program Files\cd sticker2.bmp[2008/03/08 02:04:17 | 001,562,706 | ---- | C] () -- C:\Program Files\cd2.bmp[2008/02/28 18:39:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini[2008/02/27 15:35:44 | 026,166,770 | ---- | C] () -- C:\Program Files\NAV05ENG.exe[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll[2008/01/16 11:58:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll[2008/01/16 11:58:30 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini[2007/12/24 22:39:08 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/12/09 12:01:24 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini[2007/11/25 19:53:05 | 009,479,520 | ---- | C] () -- C:\Program Files\winzip111.exe[2007/11/22 22:18:24 | 000,002,545 | ---- | C] () -- C:\WINDOWS\tabled32.ini[2007/11/14 15:58:02 | 000,000,707 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI[2007/11/14 15:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini[2007/11/12 22:48:37 | 000,002,543 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2007/11/11 09:48:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2007/11/11 00:59:51 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache[2007/11/11 00:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini[2007/11/10 14:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini[2007/11/10 14:47:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini[2007/11/09 18:56:21 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll[2007/11/09 18:55:41 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll[2007/11/09 17:28:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2007/11/09 17:28:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini[2007/11/09 17:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI[2007/11/09 16:29:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll[2007/11/09 05:16:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys========== LOP Check ==========[2009/05/31 09:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy[2009/11/09 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare[2009/09/25 19:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES[2010/11/21 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3[2010/04/08 19:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video[2010/12/14 23:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301[2010/12/13 20:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995[2009/03/10 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle[2010/12/01 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files[2007/11/09 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT[2010/05/16 14:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10[2010/01/24 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut[2008/10/13 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom[2009/05/11 13:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft[2008/11/30 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint[2008/03/17 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip[2008/06/27 18:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE[2009/09/17 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}[2009/10/14 12:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}[2009/09/03 20:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Bioshock[2009/04/19 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Braid[2009/10/11 10:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2008/02/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Comcast[2008/03/17 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Command & Conquer 3 Tiberium Wars Demo[2010/02/20 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Games[2009/07/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Gearbox Software[2009/07/12 21:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo[2007/11/10 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech[2008/08/22 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\LimeWire[2009/07/14 21:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\My Games[2009/09/03 18:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\NationRed[2008/08/27 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Notepad++[2009/02/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\pdf995[2010/05/16 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Publish Providers[2009/07/12 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SaintXi[2010/05/16 18:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sony[2009/09/13 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SteamPopCapv1001[2010/12/13 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TaxCut[2009/06/21 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Creative Assembly[2009/06/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Path[2008/03/06 21:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom[2010/05/16 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Tropico 3 Demo[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Ubisoft[2010/05/15 15:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Unity[2008/11/30 14:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint========== Purity Check ==========< End of report >OTL Extras logfile created on: 12/16/2010 6:38:35 PM - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File freePaging file location(s): C:\pagefile.sys 5373 5373 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFSDrive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFSComputer Name: JIM-1 | User Name: Jim | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].exe [@ = exefile] -- Reg Error: Key error. File not found.html [@ = htmlfile] -- Reg Error: Key error. File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusOverride" = 0"FirewallOverride" = 0"UpdatesDisableNotify" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()"C:\WINDOWS\system32\defrag.exe" = C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag -- (Microsoft Corp. and Executive Software International, Inc.)"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()"C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found"C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe" = C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)"C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()"C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)"C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)"C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)"C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe:*:Enabled:R.U.S.E. Demo -- (Eugen Systems)"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Disabled:${SafeProductName} ${FirewallName_Game} -- (BioWare)"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Disabled:${SafeProductName} ${FirewallName_Launcher} -- (BioWare)"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Disabled:${SafeProductName} ${FirewallName_Updater} -- (BioWare)"C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0"{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui"{9175D434-CEE7-486F-BE09-15C4A18ABC9C}" = TaxCut Illinois 2008"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe Link to post Share on other sites More sharing options...
Maniac Posted December 17, 2010 ID:362226 Share Posted December 17, 2010 Me too. Step 1I also see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerStep 2Run OTL.exeUnder Custom Scans/Fixes post the following script::filesC:\Documents and Settings\All Users\Application Data\gIoAl06301C:\WINDOWS\*.tmpC:\WINDOWS\Fonts\*.tmpC:\Documents and Settings\Jim\Application Data\*.gifC:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2C:\Documents and Settings\All Users\Application Data\TA45p2:Commands[purity][emptytemp]Then click the Run Fix button at the topLet the program run unhindered,when it is done it will say "Fix Complete press ok to open log"Please post that log in your next reply. Link to post Share on other sites More sharing options...
jkal Posted December 18, 2010 Author ID:362491 Share Posted December 18, 2010 Here you go:All processes killed========== FILES ==========C:\Documents and Settings\All Users\Application Data\gIoAl06301 folder moved successfully.C:\WINDOWS\8F1A20DC251D47B091B7DCA2523EE6C9.TMP folder moved successfully.C:\WINDOWS\msdownld.tmp folder moved successfully.C:\WINDOWS\Fonts\SET479.tmp moved successfully.C:\WINDOWS\Fonts\SET47A.tmp moved successfully.C:\WINDOWS\Fonts\SET47B.tmp moved successfully.C:\WINDOWS\Fonts\SET47C.tmp moved successfully.C:\WINDOWS\Fonts\SET47D.tmp moved successfully.C:\WINDOWS\Fonts\SET47E.tmp moved successfully.C:\WINDOWS\Fonts\SET55F.tmp moved successfully.C:\WINDOWS\Fonts\SET560.tmp moved successfully.C:\WINDOWS\Fonts\SET561.tmp moved successfully.C:\WINDOWS\Fonts\SET562.tmp moved successfully.C:\WINDOWS\Fonts\SET563.tmp moved successfully.C:\WINDOWS\Fonts\SET564.tmp moved successfully.C:\Documents and Settings\Jim\Application Data\YQzcnqK5at.gif moved successfully.C:\Documents and Settings\Jim\Application Data\YQzcnqK5by.gif moved successfully.C:\Documents and Settings\Jim\Application Data\YQzcnqK5zn.gif moved successfully.C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2 moved successfully.C:\Documents and Settings\All Users\Application Data\TA45p2 moved successfully.========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes->Flash cache emptied: 0 bytesUser: Jim->Temp folder emptied: 1596 bytes->Temporary Internet Files folder emptied: 9191215 bytes->Java cache emptied: 57311 bytes->FireFox cache emptied: 38635864 bytes->Google Chrome cache emptied: 0 bytes->Flash cache emptied: 88361 bytesUser: LocalService->Temp folder emptied: 65748 bytes->Temporary Internet Files folder emptied: 32902 bytesUser: NetworkService->Temp folder emptied: 867668 bytes->Temporary Internet Files folder emptied: 1448108 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 21578 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26522996 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 73.00 mbOTL by OldTimer - Version 3.2.17.3 log created on 12172010_194731Files\Folders moved on Reboot...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Maniac Posted December 20, 2010 ID:363246 Share Posted December 20, 2010 Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Link to post Share on other sites More sharing options...
jkal Posted December 21, 2010 Author ID:363715 Share Posted December 21, 2010 Malwarebytes' Anti-Malware 1.50www.malwarebytes.orgDatabase version: 5364Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.1312/20/2010 9:39:09 PMmbam-log-2010-12-20 (21-39-09).txtScan type: Quick scanObjects scanned: 156784Time elapsed: 3 minute(s), 20 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Maniac Posted December 21, 2010 ID:363762 Share Posted December 21, 2010 How are things running now? Link to post Share on other sites More sharing options...
jkal Posted December 23, 2010 Author ID:364355 Share Posted December 23, 2010 Borislav -Seems to be okay...however, I just noticed that in my start menu - under PROGRAMS - the last entry is SYSTEM TOOLS 2011.ThanksJK Link to post Share on other sites More sharing options...
Maniac Posted December 23, 2010 ID:364519 Share Posted December 23, 2010 Right mouse click on it and choose "Delete" option. Link to post Share on other sites More sharing options...
jkal Posted December 23, 2010 Author ID:364608 Share Posted December 23, 2010 Borislav -Thanks. I did so and thought everything was clean...but now, during a nightly full scan, Security Essentials found (and removed) the following: Trojan:Win32/Hiloti.gen!D. Don't get it - everything seemed fine and the only thing that was done ( I think - as I have teenage kids...) was a 24-hour STEAM game download. A subsequent QUICK SCAN from MSE came up clean as did a MWB QUICKSCAN. Could this be related to the first one? Or - do you think it's totally unrelated?As always, I really appreciate your help and guidance. Wishing you and yours the best of the season.Jk Link to post Share on other sites More sharing options...
Maniac Posted December 23, 2010 ID:364614 Share Posted December 23, 2010 Good catch!More information about this threat:http://www.microsoft.com/security/portal/T...iloti.gen!DI need to know location to the file which was deleted by MSE. Open MSE, go to History tab, tick All detected items and click on the latest found threat (at the top of list) and you will see more about this detection. Under Items: , you will see location, please post in your next reply.I want to check whether there is something we have already deleted (everything we've deleted is stored in the backup of OTL).P.S.: Thanks for the wishes and to you too. I hope to be able to solve the problem before the holidays. Link to post Share on other sites More sharing options...
jkal Posted December 23, 2010 Author ID:364694 Share Posted December 23, 2010 Borislav -Here's what the history shows: FILE C:/WINDOWS/MSXSRSHC.DLLPROCESS: PID: 12180PROCESS: PID: 1752REG KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFARUN KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFAThanksJk Link to post Share on other sites More sharing options...
Maniac Posted December 24, 2010 ID:364842 Share Posted December 24, 2010 It seems something we've missed. Let's check:ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Now click on Advanced Settings and select the following:Remove found threatsScan archivesScan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
jkal Posted December 24, 2010 Author ID:364868 Share Posted December 24, 2010 Borislav -Before we proceed, I thought you should know this: I reviewed my MWB log and back on 6/30, this is the exact file that you and I first worked on together. Could it be MSE just somehow picked it up from the Quarantine? Forgive me if what I suggest sounds foolish.Thanks,JK Link to post Share on other sites More sharing options...
Maniac Posted December 24, 2010 ID:364992 Share Posted December 24, 2010 No, it's not.Look at the location of file: C:/WINDOWS/MSXSRSHC.DLL Link to post Share on other sites More sharing options...
jkal Posted December 24, 2010 Author ID:365038 Share Posted December 24, 2010 Got it. Just saw the CLOYONAFA extension in the log and thought it was strange. When I get back home (sometime tonight), I will run the ESET scan and report back.In the meantime - Happy Holidays!JK Link to post Share on other sites More sharing options...
Maniac Posted December 24, 2010 ID:365046 Share Posted December 24, 2010 Happy Holidays, too! Link to post Share on other sites More sharing options...
jkal Posted December 25, 2010 Author ID:365586 Share Posted December 25, 2010 C:\WINDOWS\iqudibot.dll a variant of Win32/Cimag.FK trojan cleaned by deleting (after the next restart) - quarantined Link to post Share on other sites More sharing options...
jkal Posted December 25, 2010 Author ID:365588 Share Posted December 25, 2010 Borislav -Merry Christmas!I'm not sure if I did that right, however, I didn't see a place to copy a log file. Just copied what was found to clipboard and sent. Also restarted.This morning I noticed occasional re-directs via Google that seem to be okay now. After the restart, it said the squidbot.dll was missing. I take that as a good sign. Will that error message continually pop up?Thanks again. I await your next instructions - whenever is convenient for you.JK Link to post Share on other sites More sharing options...
Maniac Posted December 25, 2010 ID:365638 Share Posted December 25, 2010 Merry Christmas! Are you sure is squidbot.dll ? Maybe you mean squid bot.dll ? Link to post Share on other sites More sharing options...
jkal Posted December 25, 2010 Author ID:365677 Share Posted December 25, 2010 Borislav -I didn't see a way to copy a log, it just gave me the option to copy the found item to the clipboard. This is what I sent.It doesn't seem to be re-directing me now, however, I'm not sure.jk Link to post Share on other sites More sharing options...
Maniac Posted December 26, 2010 ID:365690 Share Posted December 26, 2010 This error is very strange. I want additional scan for sure:Please do an online scan with Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button.It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.When the downloads have finished, click on Settings.Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs ArchivesMail databases[*]Click on My Computer under Scan.[*]Once the scan is complete, it will display the results. Click on View Scan Report.[*]You will see a list of infected items there. Click on Save Report As....[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.[*]Please post this log in your next reply. Link to post Share on other sites More sharing options...
jkal Posted December 26, 2010 Author ID:365899 Share Posted December 26, 2010 Borislav -After 20 minutes or so of updating, it says update failed - license expired. Tried to do it again - same thing. What can I be doing wrong?ThanksJK Link to post Share on other sites More sharing options...
jkal Posted December 26, 2010 Author ID:365907 Share Posted December 26, 2010 Borislav -Just scanned using SPYBOT - didn't remove this but thought you should see it. Should I FIX SELECTED PROBLEMS or wait for another scan?ThanksJKVirtumonde.prx: [sBI $B6BF2145] Autorun settings (Jyefizoyizi) (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JyefizoyiziStatcounter: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)AdBrite: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)Zedo: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)DoubleClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)LinkSynergy: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)FastClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)CasaleMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)Right Media: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)BurstMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done)--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---2009-01-26 blindman.exe (1.0.0.8)2009-01-26 SDFiles.exe (1.6.1.7)2009-01-26 SDMain.exe (1.0.0.6)2009-01-26 SDUpdate.exe (1.6.0.12)2009-01-26 SpybotSD.exe (1.6.2.46)2009-03-05 TeaTimer.exe (1.6.6.32)2009-04-28 unins000.exe (51.49.0.0)2009-01-26 Update.exe (1.6.0.7)2009-07-28 advcheck.dll (1.6.3.17)2007-04-02 aports.dll (2.1.0.0)2008-06-14 DelZip179.dll (1.79.11.1)2009-01-26 SDHelper.dll (1.6.2.14)2008-06-19 sqlite3.dll2009-01-26 Tools.dll (2.1.6.10)2009-01-16 UninsSrv.dll (1.0.0.0)2010-10-05 Includes\Adware.sbi (*)2010-11-30 Includes\AdwareC.sbi (*)2010-08-13 Includes\Cookies.sbi (*)2010-12-14 Includes\Dialer.sbi (*)2010-12-14 Includes\DialerC.sbi (*)2010-01-25 Includes\HeavyDuty.sbi (*)2010-11-30 Includes\Hijackers.sbi (*)2010-11-30 Includes\HijackersC.sbi (*)2010-09-15 Includes\iPhone.sbi (*)2010-12-14 Includes\Keyloggers.sbi (*)2010-12-14 Includes\KeyloggersC.sbi (*)2004-11-29 Includes\LSP.sbi (*)2010-12-14 Includes\Malware.sbi (*)2010-12-22 Includes\MalwareC.sbi (*)2010-05-18 Includes\PUPS.sbi (*)2010-12-14 Includes\PUPSC.sbi (*)2010-01-25 Includes\Revision.sbi (*)2009-01-13 Includes\Security.sbi (*)2010-12-14 Includes\SecurityC.sbi (*)2008-06-03 Includes\Spybots.sbi (*)2008-06-03 Includes\SpybotsC.sbi (*)2010-12-14 Includes\Spyware.sbi (*)2010-12-14 Includes\SpywareC.sbi (*)2010-03-08 Includes\Tracks.uti2010-11-02 Includes\Trojans.sbi (*)2010-12-17 Includes\TrojansC-02.sbi (*)2010-12-16 Includes\TrojansC-03.sbi (*)2010-12-16 Includes\TrojansC-04.sbi (*)2010-12-21 Includes\TrojansC-05.sbi (*)2010-12-16 Includes\TrojansC.sbi (*)2008-03-04 Plugins\Chai.dll2008-03-05 Plugins\Fennel.dll2008-02-26 Plugins\Mate.dll2007-12-24 Plugins\TCPIPAddress.dll Link to post Share on other sites More sharing options...
Recommended Posts