Jump to content

Can't open ANYTHING -- Trojan problem


Recommended Posts

Hello,

Earlier today, I kept getting warnings and pop-ups about trojan's, and virus', and all that jazz, trying to get me to download things to help stop it. So I ran MBAM, and had to restart my computer.

When I did, everything was wonky.

When I tried to open MBAM again to empty out the quarentine, I got the "Open With..." Windows prompt.

I was able to open Internet Explorer because that was one of the options with the "Open With..." prompt.

Everything else that could help (things like NotePad can still be opened), can't be opened.

I can't open or even download MBAM to give a log, nor can I open or do something with HiJack This :(

This is a household computer, so I'm not sure if someone downloaded something that could have caused this, but that this point, that's all in the past, and I just want to try to get this fixed.

And to put me in an even more pouty mood, all the music on my iTunes is gone (which is always fantastic to discover...)

I'm sorry if this isn't the right area to post this (considering that I can't give a log).

Thank you so much for your time and any sort of help is apperciated.

Link to post
Share on other sites

Hello Lady Hatter

Welcome to Malwarebytes.

=====================

Is the machine running Windows XP?

If so please open Internet Explorer any way you can get it open and click the following link:

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Save that file to your desktop then right click on it and choose extract all and then let it extract to the desktop.

Open the new folder and double click on the exe fix file in there and choose yes to the prompts.

Then reboot and see if you can post the mbam log please.

If you do not have windows xp then just let me know and do not do the steps above.

Link to post
Share on other sites

Hello kahdah ,

I am so sorry that I keep adding replys, but last night, I found CCleaner (my desktop is a MESS) and it worked, and I was able to use it start up HiJack This and MBAM (I don't know how though...).

But here are the two logs, so hopefully that'll be of more help :o!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:27:41 AM, on 6/27/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17098)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\PC MightyMax 2011\TrayIcon.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"

O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Program Files\PC MightyMax 2011\TrayIcon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--

End of file - 8562 bytes

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6957

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

6/27/2011 7:47:23 AM

mbam-log-2011-06-27 (07-47-23).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Objects scanned: 260353

Time elapsed: 3 hour(s), 21 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3f6555c4-0a24-11dc-8314-0800200c9a66} (Rogue.PcMightyMax) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\yar.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hmm ok is everything blank on your desktop like no icons etc...?

Please try to through ccleaner open mbam again and update it then run it once more let it remove what it finds I want to see if it picks anything else up before we start.

Post the new log after rebooting and then let me know the state of the computer.

Link to post
Share on other sites

It's the task tray that's missing everything. All of my icons on my desktop are still in their place (thankfully).

There's only the volume button.

Everything seems to be working normally, though in the last log, it shows PCMightMax as a rouge, and it's still present in my task tray (and there's no where to uninstall it on my uninstall list).

Here is the new MBAM log

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6961

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

6/27/2011 4:34:57 PM

mbam-log-2011-06-27 (16-34-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 261099

Time elapsed: 3 hour(s), 17 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Ok

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

OTL logfile created on: 6/28/2011 1:57:17 PM - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

366.91 Mb Total Physical Memory | 79.46 Mb Available Physical Memory | 21.66% Memory free

1.40 Gb Paging File | 0.99 Gb Available in Paging File | 70.91% Paging File free

Paging file location(s): c:\pagefile.sys 1104 1104 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.60 Gb Total Space | 79.75 Gb Free Space | 55.15% Space Free | Partition Type: NTFS

Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.18% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: ERICA | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\PC MightyMax 2011\TrayIcon.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)

PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)

PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows ® 2000/XP)

DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows ® 2000 DDK provider)

DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (MR97310_USB_DUAL_CAMERA) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 3060

FF - prefs.js..network.proxy.type: 1

FF - user.js..browser.search.selectedEngine: "Google"

FF - user.js..browser.search.order.1: "Google"

FF - user.js..keyword.URL: "http://search.search-star.net/?sid=10101039100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 08:50:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{53E7FC68-4E81-4EEF-9204-D568CEE88E1E}: C:\Documents and Settings\Owner\Local Settings\Application Data\{53E7FC68-4E81-4EEF-9204-D568CEE88E1E} [2010/07/24 22:20:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/06 09:22:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/07 11:33:12 | 000,000,000 | ---D | M]

[2008/07/13 20:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2008/07/13 20:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com

[2008/06/02 15:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn44kx16.default\extensions

[2009/12/06 16:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

[2008/03/24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2010/07/23 06:37:38 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/01/09 13:56:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [PC MightyMax 2011 Tray Icon] C:\Program Files\PC MightyMax 2011\TrayIcon.exe ()

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game11.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/08/20 20:09:38 | 000,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]

O32 - Unable to obtain root file information for disk D:\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 13:56:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/06/27 02:24:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/06/27 02:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\licenses

[2011/06/27 02:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCMM2009

[2011/06/27 02:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCMM2011

[2011/06/27 02:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\PC MightyMax 2011

[2011/06/27 02:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC MightyMax 2011

[2011/06/27 01:35:56 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2011/06/16 18:05:49 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2010/07/06 09:06:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/06/28 14:00:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2011/06/28 14:00:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2011/06/28 13:56:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/06/28 10:45:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2011/06/28 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2011/06/28 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/06/28 08:56:27 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/06/28 08:54:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2130007311-4114873701-2007067990-1003.job

[2011/06/28 08:54:28 | 000,012,626 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/28 08:54:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/28 08:52:50 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2130007311-4114873701-2007067990-1003.job

[2011/06/27 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2011/06/27 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2011/06/27 18:20:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/06/27 02:26:23 | 000,238,036 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20110627_022615.reg

[2011/06/27 01:36:04 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2011/06/27 00:33:52 | 000,010,156 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk

[2011/06/27 00:33:52 | 000,010,156 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk

[2011/06/22 15:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/06/27 02:26:18 | 000,238,036 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20110627_022615.reg

[2011/06/27 00:26:21 | 000,010,156 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk

[2011/06/27 00:26:21 | 000,010,156 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk

[2011/01/19 22:13:52 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2010/07/23 17:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wcapiwumezimimi.bin

[2010/07/23 17:32:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wduno.dat

[2010/07/06 09:07:35 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/07/06 09:06:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2010/07/06 09:06:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/07/06 09:06:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/06/15 23:16:53 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/03/18 16:45:55 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\t7AHIvQWcAEro

[2010/03/18 16:45:55 | 000,013,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t7AHIvQWcAEro

[2010/03/15 17:59:46 | 000,013,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4GCn8U7

[2010/03/15 17:59:45 | 000,013,020 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4GCn8U7

[2010/03/07 02:39:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old

[2010/03/07 01:28:07 | 000,012,750 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fwSG76dUmwJ

[2010/02/14 16:36:53 | 000,053,956 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/02/24 19:58:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat

[2008/12/22 23:14:45 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsez5217.dat

[2008/08/16 13:05:10 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI

[2008/06/02 15:52:44 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/05/14 15:08:01 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2008/05/14 15:07:59 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2008/05/14 15:07:59 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/05/14 15:07:58 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2008/05/14 15:07:58 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2008/05/14 15:07:58 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2008/03/08 10:01:26 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008/03/08 10:01:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2008/03/08 10:01:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2008/03/08 10:01:25 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/01/17 18:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI

[2007/12/29 13:02:24 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat

[2007/12/29 13:01:17 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys

[2007/12/22 00:54:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI

[2007/12/10 17:35:18 | 000,000,126 | ---- | C] () -- C:\WINDOWS\APOapp.INI

[2007/12/10 17:35:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\marscam.ini

[2007/11/03 11:13:43 | 000,000,281 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/09/10 19:59:29 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/08/20 20:09:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\atechloc.ini

[2007/08/20 20:09:24 | 000,000,083 | ---- | C] () -- C:\WINDOWS\atech.ini

[2007/07/10 19:44:37 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2007/07/10 19:44:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe

[2007/05/18 21:54:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007/05/13 21:35:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini

[2007/05/13 19:52:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini

[2006/11/12 16:28:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/08/14 21:18:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2006/08/13 20:38:49 | 000,003,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/05/16 11:53:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/05/16 11:51:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat

[2006/05/16 11:49:46 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2006/05/16 11:45:04 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe

[2006/05/16 11:42:24 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/05/16 11:18:44 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe

[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/26 14:01:37 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/26 12:12:43 | 000,001,426 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/08/26 12:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2004/08/26 12:12:10 | 000,434,556 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/26 12:12:10 | 000,068,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/26 06:54:01 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2007/11/05 18:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Banner Maker Pro 7

[2009/05/16 12:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2010/06/27 03:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/12/13 00:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hKdMg06301

[2008/10/13 16:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hwboxavy

[2007/04/05 06:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2007/11/03 12:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2006/08/14 21:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/08/04 16:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2009/05/29 21:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development

[2010/03/07 22:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/07/13 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2010/07/23 19:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update

[2006/05/16 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/05/08 17:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs

[2008/04/16 16:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2010/12/25 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/01/27 12:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/07/06 09:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\aHisoft

[2010/06/08 17:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon

[2010/07/06 11:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent

[2010/12/09 19:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2010/02/19 23:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elluminate

[2008/11/23 21:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM

[2008/05/14 14:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GeoVid

[2009/09/28 18:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/06/27 20:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\licenses

[2009/10/15 08:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp

[2007/12/29 13:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea

[2007/11/03 12:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound

[2010/05/11 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2011/06/27 02:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2009

[2011/06/27 02:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2011

[2009/08/09 21:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Porn Terminator

[2010/06/25 17:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers

[2006/05/16 11:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2006/08/14 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft

[2010/06/25 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony

[2009/05/29 21:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development

[2011/01/19 22:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

[2008/07/13 20:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom

[2010/07/06 11:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

[2011/06/28 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2011/06/27 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2011/06/27 18:20:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2011/06/28 14:00:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2011/06/28 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2011/06/27 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2011/06/28 10:45:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2011/06/28 14:00:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 6/28/2011 1:57:17 PM - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

366.91 Mb Total Physical Memory | 79.46 Mb Available Physical Memory | 21.66% Memory free

1.40 Gb Paging File | 0.99 Gb Available in Paging File | 70.91% Paging File free

Paging file location(s): c:\pagefile.sys 1104 1104 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.60 Gb Total Space | 79.75 Gb Free Space | 55.15% Space Free | Partition Type: NTFS

Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.18% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: ERICA | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\PC MightyMax 2011\FileExtHandler.exe %1 (Microsoft)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"MPSLegacyEnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

"2479:TCP" = 2479:TCP:*:Enabled:Services

"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

"3246:TCP" = 3246:TCP:*:Enabled:Services

"2479:TCP" = 2479:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{12D3AF08-DDCB-48C9-A8C4-DBF28F0419EB}" = Microsoft Malware Protection On Access Scanner

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24

"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1

"{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help

"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}" = HP Deskjet 1050 J410 series Product Improvement Study

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update

"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B69B60A-E238-47EE-B60E-32BF41E2E6FA}" = PC MightyMax 2011

"{9C344D4A-69B8-430E-B463-BAA1A83D7F68}" = HP Deskjet 2050 J510 series Product Improvement Study

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}" = Dr Watson for Microsoft Windows OneCare Live v1.0.0971.38

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"AoA DVD Ripper_is1" = AoA DVD Ripper

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"Canon MP160 User Registration" = Canon MP160 User Registration

"CCleaner" = CCleaner (remove only)

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Easy-WebPrint" = Easy-WebPrint

"ESET Online Scanner" = ESET Online Scanner v3

"HijackThis" = HijackThis 2.0.2

"HitmanPro35" = Hitman Pro 3.5

"HP Photo Creations" = HP Photo Creations

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader

"InterActual Player" = InterActual Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PCFriendly" = PCFriendly

"PhotoFiltre" = PhotoFiltre

"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006

"PUBLISHERR" = Microsoft Office Publisher 2007

"RealPlayer 12.0" = RealPlayer

"STANDARDR" = Microsoft Office Standard 2007 Trial

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/26/2011 2:30:12 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 5:41:42 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 6:03:11 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 7:09:42 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 7:32:59 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 8:04:29 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 10:44:45 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/27/2011 12:28:00 AM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/27/2011 12:28:00 AM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.17098, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/27/2011 12:22:11 PM | Computer Name = ERICA | Source = Application Hang | ID = 1002

Description = Hanging application iTunes.exe, version 10.1.1.4, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 6/25/2011 3:49:24 PM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/25/2011 6:33:28 PM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/25/2011 6:35:14 PM | Computer Name = ERICA | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM

Service service to connect.

Error - 6/25/2011 6:35:14 PM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The IMAPI CD-Burning COM Service service failed to start due to the

following error: %%1053

Error - 6/26/2011 5:30:21 PM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/27/2011 1:29:53 AM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/27/2011 1:30:22 AM | Computer Name = ERICA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

Error - 6/27/2011 1:41:06 AM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/28/2011 8:55:16 AM | Computer Name = ERICA | Source = Service Control Manager | ID = 7000

Description = The npf service failed to start due to the following error: %%2

Error - 6/28/2011 8:56:48 AM | Computer Name = ERICA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

< End of report >

Link to post
Share on other sites

Ok please do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

ComboFix 11-06-25.05 - Owner 06/30/2011 16:32:01.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.367.150 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HelpAssistant\WINDOWS

c:\documents and settings\Owner\Application Data\inst.exe

c:\documents and settings\Owner\WINDOWS

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\Update.bat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-27 06:16 . 2011-06-28 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\licenses

2011-06-27 06:16 . 2011-06-27 06:17 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2009

2011-06-27 06:16 . 2011-06-27 06:16 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2011

2011-06-27 06:15 . 2011-06-27 15:33 -------- d-----w- c:\program files\PC MightyMax 2011

2011-06-16 22:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 17:03 . 2010-06-16 03:16 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-29 13:11 . 2009-11-25 04:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-11-25 04:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 15:51 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 15:51 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 15:51 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 15:51 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2011-04-25 12:01 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-06 202256]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-06-20 6556992]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"PC MightyMax 2011 Tray Icon"="c:\program files\PC MightyMax 2011\TrayIcon.exe" [2011-04-08 122368]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"3246:TCP"= 3246:TCP:Services

"2479:TCP"= 2479:TCP:Services

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/27/2010 10:08 PM 136360]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]

S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [11/3/2007 11:09 AM 2688]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-06-28 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-28 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-27 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-30 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-28 c:\windows\Tasks\At5.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-28 c:\windows\Tasks\At6.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-28 c:\windows\Tasks\At7.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-30 c:\windows\Tasks\At8.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 21:07]

.

2011-06-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2130007311-4114873701-2007067990-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

2011-06-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2130007311-4114873701-2007067990-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-klmdb.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-30 16:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2130007311-4114873701-2007067990-1003\Software\SecuROM\License information*]

"datasecu"=hex:99,f0,32,b1,39,2f,c9,f6,13,3b,01,9f,06,45,25,0a,eb,e4,09,68,d5,

f2,97,67,dd,31,7e,b9,89,a7,5d,15,94,65,c1,c2,80,f9,4b,fa,fa,46,c0,2d,bd,3d,\

"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(524)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3256)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-06-30 17:02:37 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-30 21:02

.

Pre-Run: 89,034,059,776 bytes free

Post-Run: 88,983,339,008 bytes free

.

- - End Of File - - 31939F5B652CD54A8D5B6818FA879FDB

Link to post
Share on other sites

I tried, but I can't.

I went to the Add/Remove window in the control panel, but it's not listed there.

I tried deleting all the files from my desktop and right clicking the "PCMightyMax" icon on my task tray (to see if there was an uninstall option), but there wasn't and it's still there.

I then went to my program files under My Computer, and when I tried to delete the "PCMightyMax2011" folder, it popped up with an "Error Deleting File or Folder" message that said "Cannot delete ConfigurationManager.dll: Access is denied. Make sure the fisk is not full or write protected and that the file is not currently in use."

There isn't an option to disable it when I right-click the task tray icon, and I don't really know how to disable background running programs.

Link to post
Share on other sites

Ok we will remove it manually.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\program files\PC MightyMax 2011
    c:\documents and settings\Owner\Application Data\PCMM2009
    c:\documents and settings\Owner\Application Data\PCMM2011

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC MightyMax 2011 Tray Icon"=-

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

============

After that let me know if things are back to normal?

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.