Malware Referral [Solved]


  • This topic is locked This topic is locked

#1 jbljohn
Member, 326 posts

Here is my referral from Broni, also at Geeks to Go:
Half of the errors come from aswMon2.SYS, which is part of Avast.
The other half come from ntoskrnl.exe, which can indicate anything.
I'm not sure what's going on here.

I suggest that you start a new topic in the Malware Removal and Spyware Removal area.

Before you start a new topic click on this link --> Malware and Spyware Cleaning Guide, Please read before starting a new topic. This will give you a few preparations to make, as well as instruction for posting your OTListIt2 log.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).


I have completed the Malware and Spyware Cleaning Guide (I think). Posted below are the requested results.


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:69 Go - Free:39 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [Removable]
L:\ [Fixed-FAT32] .. ( Total:111 Go - Free:26 Go )
.
Scan : 21:46.26
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (600)
______ \??\C:\WINDOWS\system32\csrss.exe (668)
______ \??\C:\WINDOWS\system32\winlogon.exe (704)
______ C:\WINDOWS\system32\services.exe (752)
______ C:\WINDOWS\system32\lsass.exe (764)
______ C:\WINDOWS\system32\svchost.exe (928)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\System32\svchost.exe (1096)
______ C:\WINDOWS\system32\svchost.exe (1128)
______ C:\WINDOWS\System32\svchost.exe (1296)
______ C:\WINDOWS\System32\svchost.exe (1400)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1456)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1512)
______ C:\WINDOWS\system32\spoolsv.exe (1800)
______ C:\WINDOWS\Explorer.EXE (524)
______ C:\WINDOWS\System32\svchost.exe (952)
______ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (1048)
______ C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (1232)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1360)
______ C:\Program Files\QuickTime\qttask.exe (1336)
______ C:\Program Files\ATI Multimedia\main\launchpd.exe (1380)
______ C:\WINDOWS\system32\ctfmon.exe (1388)
______ C:\WINDOWS\System32\svchost.exe (1980)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (1164)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (648)
______ C:\WINDOWS\System32\alg.exe (2384)
______ C:\Program Files\Internet Explorer\iexplore.exe (2464)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (3860)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5953135104)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5953167360 | Length:74093322240)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
==> Vundo <==
.
----------------------\\ Scan completed at 21:46.35
.
C:\Rooter$\Rooter_1.txt - (09/07/2009 | 21:46.35)

OTL Extras logfile created on: 7/9/2009 9:49:17 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 678.04 Mb Available Physical Memory | 66.25% Memory free
1.56 Gb Paging File | 1.21 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.67 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32

Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found
C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager (Pinnacle Systems, Inc.)
C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio (Pinnacle Systems)
C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile ( )
C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager (Pinnacle Systems)
C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi (Pinnacle Systems, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax File not found
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
C:\WINDOWS\LMI22E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 ()
C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Enabled:Media Server (Digital 5 Inc)
C:\Documents and Settings\Owner\Local Settings\Temp\7zS2A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{12C25800-EF49-4AE3-AF60-8981001A6F3B}" = Nuance PDF Professional 5
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{23170F69-40C1-2701-0904-000001000000}" = 7-Zip 9.04
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{46571E47-6457-4D68-A075-01BA1E62EC3F}" = TurboTax 2008 wsciper
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}" = Better Homes and Gardens Landscaping and Deck Designer 7.0
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66F418FE-38D5-449B-A982-CFE00CD640BF}" = TrekStor i.Beat emo
"{66F4C25D-B1FE-4316-BC63-79AD4E6724BF}" = ATI Multimedia Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FA4C993-5B8A-4AF2-9F2B-BC9CE7386947}" = ATI Decoder
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98936CBC-5E7A-4AD7-B05B-6D34C7C68E37}" = Hoyle Board Games 2005
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System - ATI
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AF06F78B-ACF7-40E3-9D1A-BC5A0529298B}" = Print Perfect Deluxe
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE78643-3CDB-46EF-9677-795415937ABB}" = CorelDRAW ESSENTIALS
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}" = EPSON PhotoCenter
"{D29FA925-E9D7-411E-8E75-C726EDF56AE6}" = Studio MediaSuite Recording
"{D361C406-ED11-4A88-AD42-4A749BBAE6F9}" = Hoyle Card Games 2007
"{D87D6386-3C2D-4239-9780-3418FB7B0E94}" = Print Lab Series
"{D99A12CC-9EFB-4FB3-9B1F-77E07D50A965}" = ATI Catalyst Control Center
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA10FC33-3DBC-4268-A90E-1681760FD417}" = The Home Depot® 3D Home Designer
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"0254DF9A-618A-4A2C-A5ED-FA7115988B02" = Word Symphony from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"CD LabelMaker" = CD LabelMaker
"CheckIt Diagnostics" = CheckIt Diagnostics
"Compaq Instant Support" = Compaq Instant Support
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.061
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{66F4C25D-B1FE-4316-BC63-79AD4E6724BF}" = ATI Multimedia Center 9.061
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{7FA4C993-5B8A-4AF2-9F2B-BC9CE7386947}" = ATI Decoder
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 3.02
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"InstallShield_{EA10FC33-3DBC-4268-A90E-1681760FD417}" = The Home Depot® 3D Home Designer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NETGEAR Media Server Installer" = NETGEAR Media Server Installer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3" = VIA/S3G Display Driver
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"Silent Package Run-Time Sample" = EPSON CX6600 Reference Guide
"SMS" = Pinnacle Studio 9 Media Suite Components
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WhoCrashed_is1" = WhoCrashed 1.01
"WIC" = Windows Imaging Component
"Window Washer" = Window Washer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eMusic Download Manager" = eMusic Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2009 8:22:21 PM | Computer Name = YOUR-RTMEJESVBC | Source = MsiInstaller | ID = 11316
Description = Product: 7-Zip 9.04 -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\Owner\Desktop\7z904[1].msi

[ System Events ]
Error - 7/9/2009 6:08:24 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/9/2009 6:10:50 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/9/2009 6:13:38 PM | Computer Name = YOUR-RTMEJESVBC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 7/9/2009 6:15:11 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/9/2009 8:59:10 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/9/2009 9:20:12 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/9/2009 9:39:23 PM | Computer Name = YOUR-RTMEJESVBC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >


OTL logfile created on: 7/9/2009 9:49:17 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 678.04 Mb Available Physical Memory | 66.25% Memory free
1.56 Gb Paging File | 1.21 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.67 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32

Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Integrated Multimedia Server [Disabled | Stopped]) -- C:\Program Files\NETGEAR\Media Server\immsService.exe ()
SRV - (IntuitUpdateService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSSQL$PINNACLESYS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PDFProFiltSrv [Disabled | Stopped]) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (PinnacleSys.MediaServer [Disabled | Stopped]) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (Pinnacle Systems)
SRV - (RetroLauncher [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroWDSvc [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (SQLAgent$PINNACLESYS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Symantec RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Disabled | Stopped]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys (Pinnacle Systems GmbH)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ATI Remote Wonder II [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS (Jungo)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATIAVAIW [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV - (atinevxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinevxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys (ATI Technologies Inc.)
DRV - (ATITUNEP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atineuxx.sys (ATI Technologies Inc.)
DRV - (ativraxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinesxx.sys (ATI Technologies Inc.)
DRV - (BCMNTIO [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (cdrdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [System | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MAPMEM [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MVDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys (ATI Technologies Inc.)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StMp3Rec [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys (Generic)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (vobiw [System | Running]) -- C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (XUIF [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 07:53:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/09 21:33:12 | 00,000,000 | ---D | M]


O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\RunOnce: [] \Program Files\Internet Explorer\iexplore.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: izone.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1091817232828 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8190.4608101852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 18:15:59 | 00,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{0e79861e-0b61-11d9-8778-00112f335afd}\Shell\AutoRun\command - "" = L:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{bc8a691e-9df5-11dd-9b27-00112f335afd}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d9a262e8-114c-11d9-879a-00112f335afd}\Shell\AutoRun\command - "" = K:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{ea4cb15a-114e-11d9-879b-00112f335afd}\Shell\AutoRun\command - "" = SafeGuard\Windows\SafeGuard20.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/09 21:48:24 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:46:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/09 21:45:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:30:23 | 00,000,000 | ---D | C] -- C:\4be227ac176f5b053f00d7c5
[2009/07/09 21:30:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/09 21:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:09:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/09 21:09:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/09 21:08:22 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/09 21:05:54 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/09 21:04:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:06 | 01,042,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:48 | 00,834,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 16:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Autoruns
[2009/07/09 16:49:04 | 00,586,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:15:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 09:44:54 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/08 09:44:54 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/08 09:44:54 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:53 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/08 09:44:51 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/08 09:44:51 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/08 09:44:51 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/08 09:44:51 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/08 09:44:51 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/08 09:44:34 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/08 09:44:34 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/08 09:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/08 07:53:31 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 07:53:31 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 00:36:36 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/08 00:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2009/07/08 00:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
[2009/07/08 00:05:59 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/08 00:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/07/07 23:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/07/07 23:01:22 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 23:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/07 18:54:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/07 18:52:37 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:52:37 | 00,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2009/07/07 18:25:41 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/07 18:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/07/06 23:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/06 23:15:00 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/06 23:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/07/06 23:05:13 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/07/06 23:05:05 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/29 08:03:37 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/06/29 08:02:39 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/04 19:35:43 | 00,000,163 | ---- | C] () -- C:\WINDOWS\QAWIN32.INI
[2007/04/05 16:13:15 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/05 16:12:29 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/05 16:12:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/12 12:48:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/12 12:48:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/11 16:00:51 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/11/30 18:29:38 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2005/11/30 18:15:59 | 00,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2005/11/27 17:16:27 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/27 17:16:27 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/26 20:02:14 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/11/15 19:01:32 | 00,000,767 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
[2005/11/09 14:21:11 | 00,274,837 | -HS- | C] () -- C:\WINDOWS\System32\rtvwa.ini
[2005/09/24 14:57:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/09/24 14:53:51 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/24 14:51:41 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/24 14:51:41 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/24 14:43:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/09/24 08:49:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/22 12:03:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/09/07 17:35:43 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2005/09/07 17:35:43 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2005/09/07 17:35:43 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2005/09/07 17:35:43 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2005/09/07 17:35:43 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/09/07 17:21:26 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/08/23 20:30:40 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005/08/20 01:45:46 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2005/08/20 01:45:46 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2005/08/20 01:45:28 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/20 01:45:26 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/08/19 17:49:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2005/08/19 17:14:36 | 00,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/07/29 14:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/02/03 18:32:56 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2004/12/20 19:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/28 08:46:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI
[2004/09/23 21:10:26 | 00,103,436 | ---- | C] () -- C:\WINDOWS\System32\ShellEx.dll
[2004/09/21 16:28:45 | 01,778,176 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2004/09/21 16:28:45 | 00,916,480 | ---- | C] () -- C:\WINDOWS\System32\FFMpeg.dll
[2004/09/21 16:28:45 | 00,182,272 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2004/09/21 16:28:45 | 00,107,520 | ---- | C] () -- C:\WINDOWS\System32\dvrms.dll
[2004/09/21 16:28:45 | 00,104,612 | ---- | C] () -- C:\WINDOWS\System32\TomcatShellEx.dll
[2004/07/22 18:07:47 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/07/22 17:28:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/05/15 07:32:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/13 01:01:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/13 01:00:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/13 01:00:51 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/13 00:57:44 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/05/13 00:42:17 | 00,027,756 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/05/13 00:41:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/05/12 23:50:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 23:42:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/12 23:02:46 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/12 22:30:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/12 22:21:01 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/05/12 22:21:01 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/05/12 22:20:43 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/05/12 21:51:31 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/12 21:36:11 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/12 21:35:49 | 00,000,860 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/05/12 21:35:45 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/04/15 20:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/30 18:04:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/28 11:42:06 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/07/09 21:48:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:45:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:39:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/09 21:39:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/09 21:39:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/09 21:38:59 | 00,772,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 21:36:39 | 00,529,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 21:36:39 | 00,460,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 21:36:39 | 00,079,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 21:34:20 | 10,226,080 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/09 21:09:22 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:08:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:05:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:04:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:08 | 01,042,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 18:13:37 | 00,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/09 18:13:37 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/09 18:13:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/09 17:59:51 | 00,834,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 17:31:49 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/09 17:30:18 | 00,003,892 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/07/09 16:49:06 | 00,586,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:16:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 18:51:20 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/07/08 09:44:54 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/08 07:53:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:02 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 07:53:01 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 00:05:59 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/07 23:01:22 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 18:52:37 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:25:41 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/06 23:15:01 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw.bak
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw
[2009/06/30 20:01:46 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2006.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/10 22:06:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

#2
hammerman
Hello jbljohn and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Please note that I am still in training and my replies need to be checked by an expert. This means there may be a small delay between my posts. Please bear with me.

I am looking through your log now and will reply as soon as possible.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

#3
hammerman
Hi jbljohn,

Can you please carry out the following steps.

-- Step 1 --

You still have traces of Norton on your system. Please use the Norton removal tool here, selecting the correct version, to completely remove Norton from your computer.

-- Step 2 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - (Symantec RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2005/11/15 19:01:32 | 00,000,767 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
    [2005/11/09 14:21:11 | 00,274,837 | -HS- | C] () -- C:\WINDOWS\System32\rtvwa.ini
    O33 - MountPoints2\{0e79861e-0b61-11d9-8778-00112f335afd}\Shell\AutoRun\command - "" = L:\SafeGuard\Windows\SafeGuard20.exe -- File not found
    O33 - MountPoints2\{bc8a691e-9df5-11dd-9b27-00112f335afd}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{d9a262e8-114c-11d9-879a-00112f335afd}\Shell\AutoRun\command - "" = K:\SafeGuard\Windows\SafeGuard20.exe -- File not found
    O33 - MountPoints2\{ea4cb15a-114e-11d9-879b-00112f335afd}\Shell\AutoRun\command - "" = SafeGuard\Windows\SafeGuard20.exe
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 00,040,960 | -HS- | M] (XSS)
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\rtvwa.bak2
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 3 --

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
-- Step 4 --

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 5 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please reply with
1. The report from the OTL fix in step 2
2. The MBAM report
3. The Kaspersky report

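The O33 and O32 lines in the fix above are the autorun vectors OTL reports: per-volume MountPoints2 AutoRun commands and autorun.inf files found on mounted drives. What follows is an added example, not code from this thread, from OTL or from Malwarebytes: a small triage script that reads OTL report lines and flags the autorun entries a helper normally looks at before writing a fix (commands whose target no longer exists, commands that launch a hidden+system executable, relative-path commands, hidden autorun.inf on writable disk volumes, and hidden+system .ini files in System32). The sample log is constructed from lines quoted in this thread; the finding names, and the reading of OTL's four-character attribute field as positional R/H/S/D, are this example's own assumptions.

```python
"""Triage the autorun-related entries of an OTL log.

Added example; this is not code from the thread, from OTL or from Malwarebytes.
Assumption: OTL's four-character attribute field is positional R/H/S/D
(read-only, hidden, system, directory), which fits the values seen in the
log ("-HS-", "RH--", "RH-D", "---D").
"""
import re

# Constructed sample: lines copied from the OTL report quoted in this thread.
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0e79861e-0b61-11d9-8778-00112f335afd}\Shell\AutoRun\command - "" = L:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{bc8a691e-9df5-11dd-9b27-00112f335afd}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{ea4cb15a-114e-11d9-879b-00112f335afd}\Shell\AutoRun\command - "" = SafeGuard\Windows\SafeGuard20.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 00,040,960 | -HS- | M] (XSS)
[2005/11/15 19:01:32 | 00,000,767 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
'''

# O33 - MountPoints2\<key>\Shell\AutoRun\command - "" = <cmd> [-- <tail>]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.*?)(?: -- (?P<tail>.*))?$'
)
# O32 - AutoRun File - [ts | size | attr | C/M] () - <path> -- [ <fs> ]
O32_RE = re.compile(
    r'^O32 - AutoRun File - \[[^|]+ \| [\d,]+ \| (?P<attr>[A-Z-]{4}) \| [CM]\] '
    r'(?:\(\) )?- (?P<path>.+?) -- \[ (?P<fs>\w+) \]$'
)
# [ts | size | attr | C/M] (company) -- <path>
FILE_RE = re.compile(
    r'^\[[^|]+ \| [\d,]+ \| (?P<attr>[A-Z-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$'
)
ATTR_IN_TAIL_RE = re.compile(r'\| (?P<attr>[A-Z-]{4}) \|')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
DISK_FS = {'NTFS', 'FAT32', 'FAT'}   # writable disk volumes, as opposed to optical media


def hidden_and_system(attr: str) -> bool:
    """Hidden + system together is the combination droppers use to keep a file
    out of Explorer even when 'show hidden files' is turned on."""
    return 'H' in attr and 'S' in attr


def triage(log_text: str) -> list:
    """Return (finding, subject) pairs for every autorun entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            cmd, tail = m['cmd'], m['tail'] or ''
            attr_m = ATTR_IN_TAIL_RE.search(tail)
            if 'File not found' in tail:
                # Dead entry: harmless now, but removed so a later device with
                # the same volume GUID cannot revive it.
                findings.append(('stale mountpoint autorun', cmd))
            elif attr_m and hidden_and_system(attr_m['attr']):
                findings.append(('autorun launches hidden+system exe', cmd))
            elif not DRIVE_RE.match(cmd):
                # No drive letter: resolved against the shell's working directory.
                findings.append(('autorun with relative path', cmd))
            continue
        m = O32_RE.match(line)
        if m:
            # A hidden+system autorun.inf on a writable volume is how 2009-era
            # USB worms spread; OEM recovery partitions also ship one, so this
            # is a review flag, not a verdict.
            if m['fs'].upper() in DISK_FS and hidden_and_system(m['attr']):
                findings.append(('hidden autorun.inf on data volume', m['path']))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m['path']
            if (hidden_and_system(m['attr'])
                    and '\\system32\\' in path.lower()
                    and path.lower().endswith('.ini')):
                findings.append(('hidden+system .ini in System32', path))
    return findings


if __name__ == '__main__':
    for kind, subject in triage(SAMPLE_LOG):
        print(f'{kind:40} {subject}')
```

Run against the sample it reports six entries, which are exactly the O33 lines and the hidden cccdd.ini the helper put into the :OTL fix above plus the hidden autorun.inf on D:; the read-only-hidden L:\autorun.inf and the ordinary Malwarebytes shortcut are not flagged. The script only classifies what OTL already printed; confirming whether a flagged target is a leftover from an uninstalled product or something worse still needs the file itself.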

#4
jbljohn
My Kaspersky has now been running for 30 minutes and is 4% completed. Does this seem normal? Below are my OTL and MBAM reports.

Attached Files



#5
jbljohn
Here is Kaspersky Report

KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 11, 2009 03:20:42
Records in database: 2458689
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 185800
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:18:59


File name / Threat name / Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

The selected area was scanned.

#6
hammerman
Hi jbljohn,

Can you please paste those logs into a reply rather than attach them.

Thanks

#7
jbljohn
Here it is.

Note: when I ran Malwarebytes' Anti-Malware, the results automatically popped up and I saw no place to execute the instructions to "Make sure everything is checked and click Remove Selected"; I could only select Exit.


OTL logfile created on: 7/9/2009 9:49:17 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 678.04 Mb Available Physical Memory | 66.25% Memory free
1.56 Gb Paging File | 1.21 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.00 Gb Total Space | 39.67 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 2.62 Gb Free Space | 47.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.76 Gb Total Space | 26.60 Gb Free Space | 23.80% Space Free | Partition Type: FAT32

Computer Name: YOUR-RTMEJESVBC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Disabled | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Integrated Multimedia Server [Disabled | Stopped]) -- C:\Program Files\NETGEAR\Media Server\immsService.exe ()
SRV - (IntuitUpdateService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPodService [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSSQL$PINNACLESYS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PDFProFiltSrv [Disabled | Stopped]) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (PinnacleSys.MediaServer [Disabled | Stopped]) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (Pinnacle Systems)
SRV - (RetroLauncher [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroWDSvc [Disabled | Stopped]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (SQLAgent$PINNACLESYS [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Symantec RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wwEngineSvc [Disabled | Stopped]) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys (Pinnacle Systems GmbH)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ATI Remote Wonder II [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS (Jungo)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATIAVAIW [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV - (atinevxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinevxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys (ATI Technologies Inc.)
DRV - (ATITUNEP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atineuxx.sys (ATI Technologies Inc.)
DRV - (ativraxx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinesxx.sys (ATI Technologies Inc.)
DRV - (BCMNTIO [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (cdrdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [System | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MAPMEM [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MVDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys (ATI Technologies Inc.)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StMp3Rec [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys (Generic)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (vobiw [System | Running]) -- C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (XUIF [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 07:53:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/09 21:33:12 | 00,000,000 | ---D | M]


O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\RunOnce: [] \Program Files\Internet Explorer\iexplore.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: izone.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: troweprice.com ([www3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1091817232828 (MSSecurityAdvisor Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8190.4608101852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.148 24.25.5.147
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 18:15:59 | 00,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{0e79861e-0b61-11d9-8778-00112f335afd}\Shell\AutoRun\command - "" = L:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{bc8a691e-9df5-11dd-9b27-00112f335afd}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d9a262e8-114c-11d9-879a-00112f335afd}\Shell\AutoRun\command - "" = K:\SafeGuard\Windows\SafeGuard20.exe -- File not found
O33 - MountPoints2\{ea4cb15a-114e-11d9-879b-00112f335afd}\Shell\AutoRun\command - "" = SafeGuard\Windows\SafeGuard20.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/09 21:48:24 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:46:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/09 21:45:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:30:23 | 00,000,000 | ---D | C] -- C:\4be227ac176f5b053f00d7c5
[2009/07/09 21:30:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/09 21:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/07/09 21:09:22 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:09:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/09 21:09:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/09 21:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/09 21:08:22 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/09 21:05:54 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/09 21:04:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:06 | 01,042,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 17:59:48 | 00,834,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 16:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Autoruns
[2009/07/09 16:49:04 | 00,586,212 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:15:54 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 09:44:54 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/08 09:44:54 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/08 09:44:54 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:53 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/08 09:44:51 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/08 09:44:51 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/08 09:44:51 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/08 09:44:51 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/08 09:44:51 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/08 09:44:34 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/08 09:44:34 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/08 09:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/08 07:53:31 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 07:53:31 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 00:36:36 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/08 00:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2009/07/08 00:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
[2009/07/08 00:05:59 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/08 00:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/07/07 23:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/07/07 23:01:22 | 00,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 23:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/07 18:54:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/07 18:52:37 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:52:37 | 00,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2009/07/07 18:25:41 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/07 18:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/07/06 23:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/06 23:15:00 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/06 23:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/07/06 23:05:13 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/07/06 23:05:05 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/29 08:03:37 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/06/29 08:02:39 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/04 19:35:43 | 00,000,163 | ---- | C] () -- C:\WINDOWS\QAWIN32.INI
[2007/04/05 16:13:15 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/05 16:12:29 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/05 16:12:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/12 12:48:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/12 12:48:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/11 16:00:51 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/11/30 18:29:38 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2005/11/30 18:15:59 | 00,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2005/11/27 17:16:27 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/27 17:16:27 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/26 20:02:14 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/11/15 19:01:32 | 00,000,767 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
[2005/11/09 14:21:11 | 00,274,837 | -HS- | C] () -- C:\WINDOWS\System32\rtvwa.ini
[2005/09/24 14:57:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/09/24 14:53:51 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/24 14:51:41 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/24 14:51:41 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/24 14:43:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/09/24 08:49:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/22 12:03:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/09/07 17:35:43 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2005/09/07 17:35:43 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2005/09/07 17:35:43 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2005/09/07 17:35:43 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2005/09/07 17:35:43 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/09/07 17:21:26 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/08/23 20:30:40 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005/08/20 01:45:46 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2005/08/20 01:45:46 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2005/08/20 01:45:28 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/20 01:45:26 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/08/19 17:49:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2005/08/19 17:14:36 | 00,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/07/29 14:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/02/03 18:32:56 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2004/12/20 19:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/28 08:46:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SafeGuard20.INI
[2004/09/23 21:10:26 | 00,103,436 | ---- | C] () -- C:\WINDOWS\System32\ShellEx.dll
[2004/09/21 16:28:45 | 01,778,176 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2004/09/21 16:28:45 | 00,916,480 | ---- | C] () -- C:\WINDOWS\System32\FFMpeg.dll
[2004/09/21 16:28:45 | 00,182,272 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2004/09/21 16:28:45 | 00,107,520 | ---- | C] () -- C:\WINDOWS\System32\dvrms.dll
[2004/09/21 16:28:45 | 00,104,612 | ---- | C] () -- C:\WINDOWS\System32\TomcatShellEx.dll
[2004/07/22 18:07:47 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/07/22 17:28:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/05/15 07:32:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/13 01:01:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/13 01:00:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/13 01:00:51 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/13 00:57:44 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/05/13 00:42:17 | 00,027,756 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/05/13 00:41:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/05/12 23:50:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 23:42:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/12 23:02:46 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/12 22:30:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/12 22:21:01 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/05/12 22:21:01 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/05/12 22:20:43 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/05/12 21:51:31 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/12 21:36:11 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/12 21:35:49 | 00,000,860 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/05/12 21:35:45 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/04/15 20:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/30 18:04:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/28 11:42:06 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/07/09 21:48:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/09 21:45:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/07/09 21:39:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/09 21:39:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/09 21:39:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/09 21:38:59 | 00,772,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 21:36:39 | 00,529,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 21:36:39 | 00,460,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 21:36:39 | 00,079,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 21:34:20 | 10,226,080 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/09 21:09:22 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/09 21:08:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/07/09 21:05:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/07/09 21:05:54 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/07/09 21:04:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/07/09 21:02:56 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/07/09 20:21:08 | 01,042,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\7z904.msi
[2009/07/09 18:13:37 | 00,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/09 18:13:37 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/09 18:13:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/09 17:59:51 | 00,834,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Memorex_20XDrives_Firmware_Update_Jun07.zip
[2009/07/09 17:31:49 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/09 17:30:18 | 00,003,892 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/07/09 16:49:06 | 00,586,212 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Autoruns.zip
[2009/07/09 12:46:30 | 01,265,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\General-CleanTool.zip
[2009/07/08 19:16:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/07/08 18:51:20 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/07/08 09:44:54 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/08 09:44:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/08 07:53:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 07:53:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 07:53:02 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 07:53:01 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 00:05:59 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/07/07 23:01:22 | 00,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/07/07 18:52:37 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2009/07/07 18:25:41 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVEREST Home Edition.lnk
[2009/07/06 23:15:01 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw.bak
[2009/07/01 14:20:59 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savings Bonds.sbw
[2009/06/30 20:01:46 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Streets & Trips 2006.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/10 22:06:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

Malwarebytes' Anti-Malware 1.38
Database version: 2405
Windows 5.1.2600 Service Pack 3

7/11/2009 3:22:24 AM
mbam-log-2009-07-11 (03-22-24).txt

Scan type: Quick Scan
Objects scanned: 101819
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
hammerman (Member 4k, 4,183 posts)
Hi jbljohn,

Can you please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Can you please reinstall Avast.
  • Download Avast: http://files.avast.com/iavs4pro/setupeng.exe
  • Download ASWclear utility
  • Disconnect your computer from the internet
  • Uninstall your current copy of Avast using the ASWclear utility
  • Reboot and then install your new copy of Avast

Can you please let me know if you are still getting errors about aswMon2.SYS and ntoskrnl.exe

#9
jbljohn (Topic Starter, Member, 326 posts)
Download Avast link not found on internet

Unable to run ASWclear utility due to some sort of protection provided by Avast that must be turned off.

How will I know if I am still getting errors about aswMon.SYS?

OTL report below.

Help!

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll unregistered successfully.
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 73444954 bytes
->Temporary Internet Files folder emptied: 19355616 bytes
->Java cache emptied: 401563 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_670.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 17048 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb


OTL by OldTimer - Version 3.0.6.5 log created on 07112009_072448

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_670.dat moved successfully.

Registry entries deleted on Reboot...

#10
hammerman (Member 4k, 4,183 posts)
Sorry - wrong link. Try this.

Did you use the ASWclear utility in Safe mode?
#11
jbljohn (Topic Starter, Member, 326 posts)
Avast removed using ASWclear utility in Safe Mode. Rebooted and installed new copy of Avast. If I'm getting errors about aswMon2.SYS or ntoskrnl.exe I don't know it - where do I look?

#12
hammerman (Member 4k, 4,183 posts)
Hi jbljohn,

Your computer is now clean. Please return to the Applications forum for further advice on those errors.

We now need to remove the tools I've used.

-- Step 1 --

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

  • Right-click on My Computer and select Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
  • Now uncheck the Turn off System Restore, click Apply then OK.
A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You are using an old version of Adobe reader. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes' Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
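As an added example (not part of this thread, and not code from the MVPS project), here is the check a responder would run on the HOSTS file after a cleanup like the one above. The MVPS file recommended in the post works by mapping known ad and tracking hosts to 0.0.0.0 so they never resolve. Malware abuses the same file in the other direction: it sinks antivirus and Windows Update hosts so the machine can no longer update, or points a legitimate domain at an address the attacker controls. The script below parses a HOSTS file (on Windows XP it lives at C:\WINDOWS\system32\drivers\etc\hosts) and separates ordinary block-list entries from those two patterns. The vendor suffix list and the sample file contents are constructed for the demonstration; a real list would be tuned to the security products installed on the machine.

```python
"""Audit a Windows HOSTS file for malware-style entries.

Benign block lists (such as MVPS) map ad/tracker hosts to 0.0.0.0 or
127.0.0.1.  Malware uses the same mechanism to sink antivirus and update
servers, or to redirect a real domain to an attacker-controlled address.
"""
import ipaddress
import sys

# Constructed for this example: domains an infection would want to block or
# redirect.  Tune this to the products actually installed on the machine.
SENSITIVE_SUFFIXES = ("avast.com", "malwarebytes.org", "microsoft.com",
                      "windowsupdate.com")
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in a HOSTS file.

    Handles '#' comments, blank lines, tab or space separators, and lines
    that map several hostnames to one address.  Lines whose first field is
    not an IP address are ignored.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalises the address text
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((line_no, ip, host.lower().rstrip(".")))
    return entries


def is_sensitive(host):
    """True if host is, or is a subdomain of, a security/update domain."""
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit_hosts(text):
    """Classify every mapping; return (line_no, host, ip, verdict) for anything
    other than a localhost entry or an ordinary ad-block sinkhole."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        sunk = ip in SINKHOLE_ADDRS
        if is_sensitive(host) and sunk:
            findings.append((line_no, host, ip, "security/update site blocked"))
        elif is_sensitive(host):
            findings.append((line_no, host, ip, "security/update site redirected"))
        elif not sunk:
            findings.append((line_no, host, ip, "non-sinkhole mapping, review"))
        # sunk and not sensitive: normal block-list entry, nothing to report
    return findings


# Constructed sample, not a real HOSTS file from the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1\tlocalhost
0.0.0.0  ads.example-ads.invalid        # MVPS-style block entry
0.0.0.0  tracker.example-ads.invalid
127.0.0.1  www.avast.com files.avast.com     # update servers sunk
203.0.113.9  www.microsoft.com                 # redirected to another address
192.0.2.10  intranet.corp.example              # not a sinkhole, may be legitimate
"""

if __name__ == "__main__":
    # Usage: python hosts_audit.py [path-to-hosts-file]
    # With no argument the constructed sample above is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, host, ip, verdict in audit_hosts(text):
        print(f"line {line_no}: {host} -> {ip}: {verdict}")
```

A HOSTS file that is entirely sinkhole entries for ad hosts produces no findings, which is what a freshly installed MVPS file should look like. Anything reported as "blocked" or "redirected" for a security vendor is worth treating as a leftover of the infection rather than a user customisation, and "review" entries are usually intranet or printer names that the owner can confirm.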

#13
jbljohn (Topic Starter, Member, 326 posts)
Spyware Guard download is identified as being corrupted when I try to install. What do I do?

For Firewall I should disable Windows firewall and then install either Zone Alarm or Online Armor Free -- correct?

#14
hammerman (Member 4k, 4,183 posts)
Hi jbljohn,

Spyware Guard download is identified as being corrupted when I try to install. What do I do?


Can you try the download/install again. Also, post a screenshot of the error message if it happens again.

For Firewall I should disable Windows firewall and then install either Zone Alarm or Online Armor Free -- correct?


Windows firewall will be turned off automatically when you install the new firewall.

#15
jbljohn (Topic Starter, Member, 326 posts)
I ought to know this but how do I do a screen shot?