My computer is slow and getting pop ups [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

My computer is slow and getting pop ups [Solved], My computer seems to be infected

Options

jf3030 View Member Profile	Jun 11 2009, 01:27 PM Post #1
Member Posts: 40 OS: windows xp multimedia center	My computer is running super slow, show pop ups..... every 30 minutes I have to shut if off and reboot in order to use it for typing or internet use. I'm going to the Guide and run some test on it ... I'll be posting them here I guess. Thanks .. John

5 Pages

1 2 3 > »

Replies (1 - 14)

pauline addis View Member Profile	Jun 12 2009, 02:11 AM Post #2
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, I will try to help you another time. According to your computer symptoms and the logs you will post, I will give you some instructions to follow, and some tools to run. I need you to just do what proposed, and not run any other tools by yourself. Also, I would need you to stick with me until I can tell that your computer is clean, and to not start any other topic in other part of the forum. If we are clear with this together, let's go If you have followed instructions from the Malware and Spyware Cleaning Guide, please post back the Malware Byte's Anti-Malware log, the Rooter report and the OTL logs (OTListIt.txt and Extras.txt). If not, please do so. If you can't run some tools, just tell me, indicating what errors you get. Regards Pauline This post has been edited by pauline addis: Jun 12 2009, 02:15 AM

jf3030 View Member Profile	Jun 15 2009, 08:31 AM Post #3
Member Posts: 40 OS: windows xp multimedia center	Hi Pauline, I'll get on it right away. Sorry I took too long to answer... we're right smack in the middle of wedding preparations. Thanks...

pauline addis View Member Profile	Jun 15 2009, 09:34 AM Post #4
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, Thanks for information

jf3030 View Member Profile	Jun 15 2009, 12:16 PM Post #5
Member Posts: 40 OS: windows xp multimedia center	Hi Pauline, Here are all the reports you asked for...Thanks! ============================= Malwarebytes' Anti-Malware 1.37 Database version: 2259 Windows 5.1.2600 Service Pack 2 6/15/2009 12:41:47 PM mbam-log-2009-06-15 (12-41-47).txt Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 249008 Time elapsed: 1 hour(s), 38 minute(s), 19 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Adware.Ascentive) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Adware.Ascentive) -> Quarantined and deleted successfully. c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe (Rogue.PCSpeedScan) -> Quarantined and deleted successfully. c:\program files\ascentive\performance center\APCLang.dll (Adware.Ascentive) -> Quarantined and deleted successfully. c:\documents and settings\JF1954\Desktop\file cleaners\SpeedScan.setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. =================== rooter log next: =================== Rooter.exe (v1.0) by Eric_71 � Microsoft Windows XP Professional (5.1.2600) Service Pack 2 32_bits - x86 Family 15 Model 2 Stepping 9, GenuineIntel � A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:109140 Mo - Free:35329 Mo ) D:\ [Fixed-FAT32] .. ( Total:5312 Mo - Free:896 Mo ) E:\ [CD_Rom] F:\ [CD_Rom] G:\ [CD_Rom] H:\ [Removable] U:\ [Removable] V:\ [Removable] W:\ [Removable] X:\ [Removable] � Scan : 12:53.27 Path : C:\Documents and Settings\JF1954\Desktop\File Cleaners\Rooter.exe User : JF1954 ( Administrator -> YES ) � ----------------------\\ Processes � Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (560) ______ \??\C:\WINDOWS\system32\csrss.exe (624) ______ \??\C:\WINDOWS\system32\winlogon.exe (652) ______ C:\WINDOWS\system32\services.exe (696) ______ C:\WINDOWS\system32\lsass.exe (708) ______ C:\WINDOWS\system32\svchost.exe (892) ______ C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (928) ______ C:\WINDOWS\system32\svchost.exe (980) ______ C:\WINDOWS\System32\svchost.exe (1112) ______ C:\WINDOWS\system32\svchost.exe (1236) ______ C:\WINDOWS\system32\svchost.exe (1328) ______ C:\WINDOWS\system32\LEXBCES.EXE (1492) ______ C:\WINDOWS\system32\spoolsv.exe (1544) ______ C:\WINDOWS\system32\LEXPPS.EXE (1552) ______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1812) ______ c:\Program Files\Bonjour\mDNSResponder.exe (1836) ______ C:\WINDOWS\system32\CTsvcCDA.exe (1852) ______ C:\WINDOWS\ehome\ehSched.exe (1876) ______ C:\Program Files\Java\jre6\bin\jqs.exe (1920) ______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1936) ______ C:\WINDOWS\system32\svchost.exe (296) ______ C:\WINDOWS\system32\wdfmgr.exe (456) ______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1224) ______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1200) ______ C:\WINDOWS\Explorer.EXE (2680) ______ C:\Program Files\Search Settings\SearchSettings.exe (3100) ______ C:\WINDOWS\system32\ctfmon.exe (3168) ______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3180) ______ C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (3196) ______ C:\Program Files\Mozilla Firefox\firefox.exe (2744) ______ C:\Documents and Settings\JF1954\Desktop\File Cleaners\Rooter.exe (4044) � ----------------------\\ Device\Harddisk0\ � \Device\Harddisk0 [Sectors : 63 x 512 Bytes] � \Device\Harddisk0\Partition1 (Start_Offset:32256 \| Length:5581545984) \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5581578240 \| Length:114441707520) � ----------------------\\ Scheduled Tasks � C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\Tasks\AppleSoftwareUpdate.job C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\SA.DAT � ----------------------\\ Registry � � ----------------------\\ Files & Folders � ----------------------\\ Scan completed at 12:54.21 � C:\Rooter$\Rooter_3.txt - (15/06/2009 \| 12:54.21) ======================= OTL.TXT REPORT ======================= OTL logfile created on: 6/15/2009 PM 1:01:50 - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JF1954\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 511.29 Mb Total Physical Memory \| 129.30 Mb Available Physical Memory \| 25.29% Memory free 1.22 Gb Paging File \| 0.77 Gb Available in Paging File \| 63.47% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 106.58 Gb Total Space \| 34.50 Gb Free Space \| 32.37% Space Free \| Partition Type: NTFS Drive D: \| 5.19 Gb Total Space \| 0.88 Gb Free Space \| 16.87% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: \| 7.45 Gb Total Space \| 2.46 Gb Free Space \| 33.06% Space Free \| Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: JUAN-041AFD903F Current User Name: JF1954 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.) PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - c:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd) PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Documents and Settings\JF1954\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (avg8wd [Auto \| Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Bonjour Service [Auto \| Running]) -- c:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LexBceS [Auto \| Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.) SRV - (MDM [Auto \| Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (NBService [On_Demand \| Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (szserver [Auto \| Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) SRV - (UMWdf [Auto \| Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (WinDefend [Auto \| Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AFS2K [System \| Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ALCXWDM [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (AvgLdx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System \| Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Cdr4_xp [System \| Stopped]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (Cdralw2k [System \| Stopped]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (EvcapMaui [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\EvcapMau.sys (Emuzed, Inc.) DRV - (GEARAspiWDM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (imagedrv [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG) DRV - (imagesrv [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG) DRV - (ltmodem5 [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT) DRV - (MR97310_USB_DUAL_CAMERA [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mr97310c.sys (Mars Semiconductor Corp.) DRV - (Pcouffin [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (rtl8139 [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation) DRV - (SASDIFSV [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys () DRV - (StillCam [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation) DRV - (szkg5 [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.) DRV - (tmcomm [Auto \| Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/02 19:35:05 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/02 19:35:06 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/14 20:07:53 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/12 20:40:18 \| 00,000,000 \| ---D \| M] [2009/04/10 11:28:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Extensions [2009/04/10 11:28:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/14 18:17:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions [2009/01/15 06:54:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/01/15 06:54:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/02/22 11:04:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2007/12/24 12:13:36 \| 00,001,878 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\aolsearch.xml [2008/06/18 08:36:33 \| 00,002,386 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\siteadvisor.xml [2007/08/07 08:32:20 \| 00,005,593 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\wordtracker.xml [2009/06/14 18:17:40 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/12 20:40:18 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/10/25 11:19:59 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/06/12 09:24:40 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com [2009/06/12 20:40:10 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/12 20:40:10 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/04/24 19:26:59 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/24 19:26:59 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/04/24 19:26:59 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/04/24 19:26:59 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/04/24 19:26:59 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/04/24 19:26:59 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/06/12 09:24:40 \| 00,000,780 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (861 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0af5d4fb-fd08-44d5-abe5-1e8932daa4e8} - Reg Error: Key error. File not found O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - Reg Error: Key error. File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7104EC46-5DFB-4609-84F0-915970E383D7} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m File not found O4 - HKCU..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup (CleanMyPC Software) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1225765975170 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (ASPRO Installer Class) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\jiyapise.dll) - C:\WINDOWS\system32\jiyapise.dll File not found O20 - AppInit_DLLs: (c:\windows\system32\tasurepa.dll) - c:\windows\system32\tasurepa.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/07/28 20:45:26 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 06:07:38 \| 00,000,000 \| -HS- \| M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/11 03:02:32 \| 00,000,045 \| -HS- \| M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\D\Shell\AutoRun\command - "" = Info.exe folder.htt 480 480 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - * [2009/06/15 12:55:55 \| 00,000,000 \| ---D \| M] ========== Files/Folders - Created Within 30 Days ========== [14 C:\Documents and Settings\JF1954\My Documents\.tmp files] [2100/02/23 18:55:50 \| 00,001,096 \| ---- \| C] () -- C:\WINDOWS\Lexmark_ICM.ini [2009/06/15 12:55:54 \| 00,501,760 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTL.exe [2009/06/14 19:46:08 \| 00,000,000 \| ---D \| C] -- C:\AAAJOHN [2009/06/14 19:19:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\My Documents\registrybackup [2009/06/14 19:17:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CleanMyPC [2009/06/13 16:40:28 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/06/13 15:04:31 \| 00,203,466 \| ---- \| C] () -- C:\tamuk2.jpg [2009/06/13 15:02:53 \| 00,215,384 \| ---- \| C] () -- C:\tamuk1.jpg [2009/06/12 15:08:42 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Application Data\Search Settings [2009/06/12 09:24:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Search Settings [2009/06/12 09:23:53 \| 00,116,296 \| ---- \| C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2009/06/12 09:23:52 \| 01,986,560 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2009/06/12 09:23:52 \| 01,212,416 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2009/06/12 09:23:52 \| 00,348,160 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2009/06/12 09:23:52 \| 00,040,960 \| ---- \| C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll [2009/06/12 09:23:52 \| 00,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2009/06/12 09:23:51 \| 00,141,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2009/06/12 09:23:51 \| 00,119,568 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2009/06/12 09:23:50 \| 00,032,768 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2009/06/12 08:30:20 \| 00,000,000 \| ---D \| C] -- C:\clips [2009/06/11 18:35:00 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/06/11 16:43:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/06/11 16:13:33 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\JF1954\My Documents\~$ekstogo.doc [2009/06/11 14:23:40 \| 00,024,064 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\geekstogo.doc [2009/06/11 07:43:48 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Application Data\Nero [2009/06/10 19:30:27 \| 00,297,240 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\fireworks.jpg [2009/06/10 19:06:34 \| 00,000,000 \| ---D \| C] -- C:\arenas [2009/06/10 18:17:32 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Desktop\File Cleaners [2009/06/10 12:50:52 \| 00,110,592 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\mass.doc [2009/06/10 11:38:26 \| 00,032,256 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\movie1.doc [2009/06/10 10:00:39 \| 00,074,433 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\address.jpg [2009/06/10 08:23:22 \| 00,015,872 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\schedule.xls [2009/06/10 08:10:15 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\schedule.doc [2009/06/09 19:46:01 \| 00,548,352 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\jerry&ash.doc [2009/06/05 20:38:41 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\JF1954\My Documents\~$BLANK1.doc [2009/06/04 15:27:51 \| 00,001,648 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Photo2Album.lnk [2009/06/04 07:15:54 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\trevino2.doc [2009/06/04 07:12:54 \| 00,029,184 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\trevino.doc [2009/06/03 11:55:39 \| 00,030,208 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\jerry.doc [2009/06/02 20:56:52 \| 00,024,576 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\imagine me without you.doc [2009/06/02 08:20:18 \| 00,097,448 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\trombone-6.jpg [2009/06/02 08:15:28 \| 00,037,892 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\boa-bandfest-3.jpg [2009/06/01 18:01:05 \| 00,028,672 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\John2.doc [2009/05/31 22:29:02 \| 00,028,160 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\john.doc [2009/05/27 06:03:19 \| 07,483,020 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\CUBE.flv [2009/05/26 19:57:57 \| 00,000,000 \| -HSD \| C] -- C:\found.000 [2009/05/26 19:20:32 \| 00,000,000 \| ---D \| C] -- C:\photos 2009 [2009/05/26 06:27:22 \| 00,024,032 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Movie Releases.htm [2009/05/26 06:24:21 \| 00,027,136 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\MOVIE RELEASES.shs [2009/05/24 12:18:52 \| 00,965,632 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birday invitation.doc [2009/05/24 11:42:37 \| 79,460,715 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\image3.psd [2009/05/23 19:01:18 \| 00,000,000 \| ---D \| C] -- C:\gussy [2009/05/23 17:56:21 \| 00,000,080 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\IMP AWARDS.url [2009/05/23 13:16:15 \| 01,508,864 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birthday party.doc [2009/05/23 13:08:46 \| 07,958,016 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birthday.sig [2009/05/22 07:49:40 \| 00,039,881 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\pspbrwse.jbf [2009/05/22 07:46:44 \| 00,099,873 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\john&ash.jpg [2009/05/22 06:36:09 \| 00,000,000 \| ---D \| C] -- C:\New Folder (2) [2009/05/22 06:33:49 \| 00,000,000 \| ---D \| C] -- C:\flv [2009/05/22 00:51:33 \| 00,354,235 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Image2.jpg [2009/05/20 22:18:06 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Desktop\john's DT folder [2009/05/16 20:43:28 \| 00,649,978 \| ---- \| C] () -- C:\superfriends-back.jpg [2009/05/16 20:33:19 \| 02,468,352 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\superfriends2.doc [2009/05/16 20:32:38 \| 03,789,312 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\superfriends1.doc [2009/05/16 16:51:38 \| 00,023,552 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\ACTS MASS 1.doc [2009/04/24 20:43:53 \| 00,000,075 \| ---- \| C] () -- C:\WINDOWS\st_affiliate.ini [2009/03/27 18:43:56 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll [2008/12/23 14:43:27 \| 00,223,232 \| ---- \| C] () -- C:\WINDOWS\System32\sqlite3.dll [2008/12/16 18:58:36 \| 00,000,269 \| ---- \| C] () -- C:\WINDOWS\System32\MSXGGBDRIVER.DLL [2008/09/27 13:08:37 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\ylgbzt.dll [2008/07/29 18:22:06 \| 00,625,938 \| -HS- \| C] () -- C:\WINDOWS\System32\pqBKlnpo.ini [2008/07/25 16:11:09 \| 00,635,243 \| -HS- \| C] () -- C:\WINDOWS\System32\AIPrAcdd.ini [2008/07/23 11:50:52 \| 03,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/07/23 11:47:34 \| 00,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/07/23 11:47:34 \| 00,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/07/23 11:46:38 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/07/22 12:50:44 \| 00,043,933 \| -HS- \| C] () -- C:\WINDOWS\System32\xkjqckdv.ini [2008/07/22 12:39:40 \| 00,877,472 \| -HS- \| C] () -- C:\WINDOWS\System32\lTDNonmp.ini [2008/05/07 20:23:30 \| 00,909,291 \| -HS- \| C] () -- C:\WINDOWS\System32\MnnTwGgh.ini [2008/04/13 18:56:32 \| 00,074,703 \| ---- \| C] () -- C:\WINDOWS\System32\mfc45.dll [2008/04/13 13:47:16 \| 00,000,967 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2008/03/23 20:18:29 \| 00,323,584 \| ---- \| C] () -- C:\WINDOWS\System32\FoxImager.dll [2008/03/09 19:51:29 \| 00,383,238 \| ---- \| C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008/03/09 18:53:50 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\v2d.INI [2007/09/16 15:02:54 \| 00,114,688 \| ---- \| C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/09/16 15:02:54 \| 00,050,364 \| ---- \| C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/07/12 11:57:17 \| 00,000,195 \| ---- \| C] () -- C:\WINDOWS\videoimp.ini [2007/06/25 11:45:43 \| 00,001,682 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/04/22 20:02:15 \| 00,000,268 \| ---- \| C] () -- C:\WINDOWS\WorldMerge.INI [2007/03/24 17:09:52 \| 00,000,247 \| ---- \| C] () -- C:\WINDOWS\APOapp.INI [2007/02/09 18:41:10 \| 00,000,704 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/12/20 19:10:22 \| 00,000,134 \| ---- \| C] () -- C:\WINDOWS\ANS2000.INI [2006/12/20 19:10:22 \| 00,000,020 \| -H-- \| C] () -- C:\WINDOWS\akebook.ini [2006/12/20 19:10:22 \| 00,000,004 \| -H-- \| C] () -- C:\WINDOWS\a3kebook.ini [2006/11/17 20:12:05 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\hotComm.INI [2006/11/01 21:35:48 \| 00,000,229 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/17 21:19:20 \| 00,006,592 \| ---- \| C] () -- C:\WINDOWS\gwpreset.ini [2006/10/17 21:19:20 \| 00,001,667 \| ---- \| C] () -- C:\WINDOWS\goldwave.ini [2006/10/14 15:29:51 \| 00,000,343 \| ---- \| C] () -- C:\WINDOWS\PSTUDIO.INI [2006/08/22 19:22:29 \| 00,000,486 \| ---- \| C] () -- C:\WINDOWS\umaxuapi.ini [2006/08/22 19:22:17 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\Temp.ini [2006/08/14 19:25:12 \| 00,000,165 \| ---- \| C] () -- C:\WINDOWS\wcx_ftp.ini [2006/08/07 08:51:42 \| 00,000,808 \| ---- \| C] () -- C:\WINDOWS\Ulead32.ini [2006/08/07 08:50:57 \| 00,000,016 \| ---- \| C] () -- C:\WINDOWS\S2600.INI [2006/08/06 14:30:46 \| 00,000,037 \| ---- \| C] () -- C:\WINDOWS\marscam.ini [2006/08/06 14:19:17 \| 00,028,672 \| R--- \| C] () -- C:\WINDOWS\System32\mr310exd.dll [2006/08/06 14:19:16 \| 00,036,864 \| R--- \| C] () -- C:\WINDOWS\System32\mr310exv.dll [2006/08/06 14:17:58 \| 00,015,164 \| ---- \| C] () -- C:\WINDOWS\mr310twc.ini [2006/08/06 10:23:11 \| 00,011,633 \| ---- \| C] () -- C:\WINDOWS\hpdj5100.ini [2006/07/31 22:50:31 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2006/07/29 08:46:16 \| 00,002,354 \| ---- \| C] () -- C:\WINDOWS\WINCMD.INI [2006/07/28 21:41:28 \| 00,014,012 \| ---- \| C] () -- C:\WINDOWS\Debug.ini [2006/07/28 14:54:57 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/07/15 13:35:56 \| 00,831,488 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2005/07/15 13:35:56 \| 00,159,744 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2005/01/06 20:00:00 \| 00,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\ieencode.dll [2005/01/06 20:00:00 \| 00,027,440 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2005/01/06 20:00:00 \| 00,001,134 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/01/06 20:00:00 \| 00,000,289 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004/06/24 19:16:46 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\EzdCoIns.dll [2003/10/27 11:55:50 \| 00,000,307 \| ---- \| C] () -- C:\WINDOWS\LProS.ini [2003/08/05 13:25:44 \| 00,098,384 \| ---- \| C] () -- C:\WINDOWS\System32\EzRating.dll [2003/01/07 15:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/01/21 03:04:28 \| 00,667,648 \| ---- \| C] () -- C:\WINDOWS\System32\Dtwain32.dll [2001/05/13 17:18:34 \| 00,000,209 \| ---- \| C] () -- C:\WINDOWS\X63_DS.ini [2000/10/24 09:08:36 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\Lfkodak.dll [2000/10/24 09:08:33 \| 00,338,944 \| ---- \| C] () -- C:\WINDOWS\System32\Lffpx7.dll [1997/10/24 14:56:36 \| 00,000,643 \| ---- \| C] () -- C:\WINDOWS\LEXSTAT.INI ========== Files - Modified Within 30 Days ========== [14 C:\Documents and Settings\JF1954\My Documents\.tmp files] [2009/06/15 12:56:07 \| 00,501,760 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTL.exe [2009/06/15 12:48:20 \| 00,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/15 12:48:04 \| 00,000,062 \| -HS- \| M] () -- C:\Documents and Settings\JF1954\Local Settings\desktop.ini [2009/06/15 12:47:35 \| 00,014,012 \| ---- \| M] () -- C:\WINDOWS\Debug.ini [2009/06/15 12:47:19 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/15 12:47:13 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/15 12:47:12 \| 53,620,3264 \| -HS- \| M] () -- C:\hiberfil.sys [2009/06/15 10:08:05 \| 00,002,354 \| ---- \| M] () -- C:\WINDOWS\WINCMD.INI [2009/06/15 08:54:27 \| 00,077,480 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/06/15 08:54:26 \| 37,123,328 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/06/14 20:58:18 \| 00,000,229 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/14 19:46:08 \| 00,040,930 \| -H-- \| M] () -- C:\TREEINFO.WC [2009/06/13 15:04:31 \| 00,203,466 \| ---- \| M] () -- C:\tamuk2.jpg [2009/06/13 15:02:53 \| 00,215,384 \| ---- \| M] () -- C:\tamuk1.jpg [2009/06/12 20:23:44 \| 00,039,881 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\pspbrwse.jbf [2009/06/12 08:46:56 \| 00,032,256 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\movie1.doc [2009/06/11 19:00:08 \| 00,000,165 \| ---- \| M] () -- C:\WINDOWS\wcx_ftp.ini [2009/06/11 16:13:33 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\JF1954\My Documents\~$ekstogo.doc [2009/06/11 14:23:41 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\geekstogo.doc [2009/06/10 19:30:27 \| 00,297,240 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\fireworks.jpg [2009/06/10 14:47:34 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/06/10 12:50:53 \| 00,110,592 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\mass.doc [2009/06/10 11:30:47 \| 00,015,872 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\schedule.xls [2009/06/10 10:00:40 \| 00,074,433 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\address.jpg [2009/06/10 09:58:07 \| 00,000,020 \| ---- \| M] () -- C:\WINDOWS\Temp.ini [2009/06/10 09:57:44 \| 00,000,486 \| ---- \| M] () -- C:\WINDOWS\umaxuapi.ini [2009/06/10 08:10:16 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\schedule.doc [2009/06/10 07:38:00 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/09 20:04:32 \| 00,000,875 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Performance Center.lnk [2009/06/09 19:46:02 \| 00,548,352 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\jerry&ash.doc [2009/06/07 18:51:11 \| 00,001,134 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/06/05 20:38:52 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\A-BLANK1.doc [2009/06/05 20:38:41 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\JF1954\My Documents\~$BLANK1.doc [2009/06/04 15:28:33 \| 00,000,247 \| ---- \| M] () -- C:\WINDOWS\APOapp.INI [2009/06/04 15:27:51 \| 00,001,648 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Photo2Album.lnk [2009/06/04 07:48:40 \| 00,029,184 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\trevino.doc [2009/06/04 07:15:54 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\trevino2.doc [2009/06/04 07:10:38 \| 00,030,208 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\jerry.doc [2009/06/02 20:56:52 \| 00,024,576 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\imagine me without you.doc [2009/06/02 08:20:19 \| 00,097,448 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\trombone-6.jpg [2009/06/02 08:15:44 \| 00,037,892 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\boa-bandfest-3.jpg [2009/06/01 18:05:11 \| 00,028,672 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\John2.doc [2009/05/31 22:29:03 \| 00,028,160 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\john.doc [2009/05/26 13:20:08 \| 00,040,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/05/26 13:19:56 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/05/26 06:27:28 \| 00,024,032 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Movie Releases.htm [2009/05/26 06:24:22 \| 00,027,136 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\MOVIE RELEASES.shs [2009/05/26 00:11:28 \| 00,000,808 \| ---- \| M] () -- C:\WINDOWS\Ulead32.ini [2009/05/24 12:18:52 \| 00,965,632 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birday invitation.doc [2009/05/24 11:42:55 \| 79,460,715 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\image3.psd [2009/05/23 17:56:35 \| 00,000,080 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\IMP AWARDS.url [2009/05/23 14:19:41 \| 00,000,037 \| ---- \| M] () -- C:\WINDOWS\marscam.ini [2009/05/23 14:19:38 \| 00,012,106 \| ---- \| M] () -- C:\WINDOWS\mr310twc.src [2009/05/23 13:16:15 \| 01,508,864 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birthday party.doc [2009/05/23 13:08:46 \| 07,958,016 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birthday.sig [2009/05/22 07:49:29 \| 00,099,873 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\john&ash.jpg [2009/05/22 00:52:49 \| 00,354,235 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Image2.jpg [2009/05/16 20:55:13 \| 00,020,480 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\dad.doc [2009/05/16 20:43:30 \| 00,649,978 \| ---- \| M] () -- C:\superfriends-back.jpg [2009/05/16 20:33:20 \| 02,468,352 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\superfriends2.doc [2009/05/16 20:32:45 \| 03,789,312 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\superfriends1.doc [2009/05/16 17:43:47 \| 00,079,360 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\ACTS MASS-1.pub [2009/05/16 17:42:59 \| 00,043,008 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\ACTS MASS-2.pub [2009/05/16 17:12:42 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\ACTS MASS 2.doc [2009/05/16 17:10:09 \| 00,023,552 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\ACTS MASS 1.doc < End of report > ================ EXTRAS.LOG ================ OTL Extras logfile created on: 6/15/2009 PM 1:01:50 - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JF1954\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 511.29 Mb Total Physical Memory \| 129.30 Mb Available Physical Memory \| 25.29% Memory free 1.22 Gb Paging File \| 0.77 Gb Available in Paging File \| 63.47% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 106.58 Gb Total Space \| 34.50 Gb Free Space \| 32.37% Space Free \| Partition Type: NTFS Drive D: \| 5.19 Gb Total Space \| 0.88 Gb Free Space \| 16.87% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: \| 7.45 Gb Total Space \| 2.46 Gb Free Space \| 33.06% Space Free \| Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: JUAN-041AFD903F Current User Name: JF1954 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP::Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP::Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP::Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP::Enabled:@xpsp2res.dll,-22002 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files\Ares\Ares.exe::Enabled:Ares File not found C:\wincmd\WINCMD32.EXE::Enabled:Windows Commander 32 bit international version, file manager replacement for Windows (C. Ghisler & Co.) C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe::Disabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.) C:\Program Files\InterVideo\DVD7\WinDVD.exe::Disabled:WinDVD File not found C:\Yahoo!\Messenger\YPager.exe::Enabled:Yahoo! Messenger File not found C:\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server File not found C:\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe::Enabled:Yahoo! Music Jukebox File not found C:\Program Files\iConferenceCL\BIN\hotComm.exe::Enabled:hotCommCL File not found C:\Program Files\OUGOMessenger\main.exe::Enabled:OUGO Messenger File not found C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger (Microsoft Corporation) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger File not found C:\Program Files\uTorrent\uTorrent.exe::Enabled:�Torrent File not found C:\Program Files\Ares Ultra\Ares Ultra.exe::Enabled:Ares Ultra p2p for windows File not found C:\WINDOWS\system32\LEXPPS.EXE::Enabled:LEXPPS.EXE (Lexmark International, Inc.) C:\Program Files\Azureus\Azureus.exe::Enabled:Azureus File not found C:\Program Files\Winamp Remote\bin\Orb.exe::Enabled:Orb File not found C:\Program Files\Winamp Remote\bin\OrbTray.exe::Enabled:OrbTray File not found C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe::Enabled:Orb Stream Client File not found C:\Program Files\MySpace\IM\MySpaceIM.exe::Enabled:MySpaceIM () C:\Program Files\eMule\emule.exe::Disabled:eMule File not found C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe::Disabled:Kaspersky Anti-Virus File not found C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe::Disabled:Kaspersky Internet Security 7.0 Setup (Kaspersky Lab) C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe::Disabled:McAfee Data Backup File not found C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe::Enabled:Render Manager File not found C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe::Enabled:PMSRegisterFile File not found C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe::Enabled:umi File not found C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe::Enabled:Pinnacle VideoSpin File not found C:\Program Files\Ares Vista\AresVista.exe::Disabled:Ares Vista File not found C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype File not found C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe::Enabled:Veoh Web Player File not found C:\Program Files\Java\jre6\bin\java.exe::Disabled:Java™ Platform SE binary (Sun Microsystems, Inc.) C:\Program Files\SPCK Software\FFA Blaster\Blaster.exe::Disabled:Blaster File not found C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour (Apple Inc.) C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09211910-8EAB-4EAB-A0D9-2D3BFF53CA40}" = STOPzilla "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10 "{28A5BF3F-3EE3-4724-8AF5-4D008F7624A3}" = PC SpeedScan Pro "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{314C19E0-7FA5-11D5-A6B4-0050BA724CB6}" = Vstascan "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{40261D0A-A385-4C1A-A7DE-5F270D9B1033}" = Nero 7 Premium "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1D5C738-07D6-11D8-80AE-00036D10F3B7}" = LabelCreator Pro "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C85C2248-CF17-441F-972B-428F8AC37087}" = PC SpeedScan Pro "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop "{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}" = hp deskjet 5100 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Any Video Converter_is1" = Any Video Converter 2.6.3 "Audacity_is1" = Audacity 1.2.6 "AVG8Uninstall" = AVG Free 8.5 "BroadJump Client Foundation" = BroadJump Client Foundation "BYOJeopardy_is1" = BYOJeopardy 1.2.12 "CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner "Creative Removable Disk Manager" = Creative Removable Disk Manager "Draw Poker Gold Edition" = Draw Poker Gold Edition "DreamSuite Bonus" = Uninstall DreamSuite Bonus "DVDXCopyPlatinum" = DVD X Copy Platinum 4.0.3 "Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.2.1 "FixTunes" = FixTunes (remove only) "FoxyTunesForFirefox" = FoxyTunes for Firefox "HFT" = HFT "HijackThis" = HijackThis 2.0.2 "hp deskjet 5100 series_Driver" = hp deskjet 5100 series "HP PrecisionScan LTX" = HP PrecisionScan LTX "hp print screen utility" = hp print screen utility "InterActual Player" = InterActual Player "iPhoto Plus 4" = iPhoto Plus 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12 "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11) "MyAlbum_is1" = MyAlbum version 2.5.5 "MySpaceIM" = MySpaceIM "Revo Uninstaller" = Revo Uninstaller 1.83 "Shockwave" = Shockwave "SysInfo" = Creative System Information "WavePad" = WavePad Uninstall "WebPost" = Microsoft Web Publishing Wizard 1.52 "Wincmd" = Windows Commander (Remove or Repair) "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinFR_is1" = WinFR 4.50 "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/13/2009 PM 6:02:03 \| Computer Name = JUAN-041AFD903F \| Source = Application Hang \| ID = 1001 Description = Fault bucket 1303034050. Error - 6/13/2009 PM 6:23:19 \| Computer Name = JUAN-041AFD903F \| Source = Application Hang \| ID = 1002 Description = Hanging application nero.exe, version 7.5.1.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/13/2009 PM 6:41:15 \| Computer Name = JUAN-041AFD903F \| Source = Application Error \| ID = 1000 Description = Faulting application nero.exe, version 7.5.1.1, faulting module msvcr71.dll, version 7.10.3052.4, fault address 0x00003023. Error - 6/13/2009 PM 9:17:54 \| Computer Name = JUAN-041AFD903F \| Source = MsiInstaller \| ID = 11721 Description = Product: STOPzilla -- Message 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: UninstallQuery, location: C:\Program Files\STOPzilla!\SZInit.Exe, command: /uq Available in Windows Installer version 2.0. Error - 6/14/2009 AM 5:58:22 \| Computer Name = JUAN-041AFD903F \| Source = Windows Media Center Download \| ID = 47 Description = Guide Service: Invalid headend. Please change lineup in Media Center Settings. Error - 6/14/2009 PM 6:38:32 \| Computer Name = JUAN-041AFD903F \| Source = Application Error \| ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 6/14/2009 PM 8:27:30 \| Computer Name = JUAN-041AFD903F \| Source = Application Error \| ID = 1004 Description = Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 6/14/2009 PM 10:03:26 \| Computer Name = JUAN-041AFD903F \| Source = Application Error \| ID = 1000 Description = Faulting application nerovision.exe, version 4.7.0.7, faulting module amcdocbase.dll, version 4.7.0.7, fault address 0x000508a3. Error - 6/15/2009 AM 5:58:27 \| Computer Name = JUAN-041AFD903F \| Source = Windows Media Center Download \| ID = 47 Description = Guide Service: Invalid headend. Please change lineup in Media Center Settings. Error - 6/15/2009 PM 1:59:40 \| Computer Name = JUAN-041AFD903F \| Source = Application Hang \| ID = 1002 Description = Hanging application OTL.exe, version 2.1.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 6/14/2009 PM 6:38:55 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 6/14/2009 PM 6:43:41 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 Error - 6/14/2009 PM 7:06:49 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error - 6/14/2009 PM 8:27:03 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 6/14/2009 PM 8:31:52 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 Error - 6/15/2009 AM 10:58:25 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 6/15/2009 AM 11:03:06 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 Error - 6/15/2009 PM 1:46:00 \| Computer Name = JUAN-041AFD903F \| Source = DCOM \| ID = 10010 Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout. Error - 6/15/2009 PM 1:47:50 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 6/15/2009 PM 1:52:39 \| Computer Name = JUAN-041AFD903F \| Source = Service Control Manager \| ID = 7023 Description = The Computer Browser service terminated with the following error: %%1460 < End of report >

pauline addis View Member Profile	Jun 16 2009, 02:23 AM Post #6
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, Please, do as follow: Run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O2 - BHO: (no name) - {0af5d4fb-fd08-44d5-abe5-1e8932daa4e8} - Reg Error: Key error. File not found O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7104EC46-5DFB-4609-84F0-915970E383D7} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe () O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O20 - AppInit_DLLs: (C:\WINDOWS\system32\jiyapise.dll) - C:\WINDOWS\system32\jiyapise.dll File not found O20 - AppInit_DLLs: (c:\windows\system32\tasurepa.dll) - c:\windows\system32\tasurepa.dll File not found O32 - AutoRun File - [2001/07/28 06:07:38 \| 00,000,000 \| -HS- \| M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/11 03:02:32 \| 00,000,045 \| -HS- \| M] () - D:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\D\Shell\AutoRun\command - "" = Info.exe folder.htt 480 480 :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post a new OTL log �� Download ComboFix by sUBs to your Desktop. Link 1 Link 2 Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs Double click combofix.exe and follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. CF disconnects your machine from the Internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

jf3030 View Member Profile	Jun 16 2009, 07:40 AM Post #7
Member Posts: 40 OS: windows xp multimedia center	Pauline here's the report from Old Timer I'll do the next scan right now. John. ========== OTL ========== Process explorer.exe killed successfully! No active process named SZServer.exe was found! No active process named avgwdsvc.exe was found! Process SearchSettings.exe killed successfully! Unable to kill active process SUPERAntiSpyware.exe! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0af5d4fb-fd08-44d5-abe5-1e8932daa4e8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0af5d4fb-fd08-44d5-abe5-1e8932daa4e8}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98828DED-A591-462F-83BA-D2F62A68B8B8} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98828DED-A591-462F-83BA-D2F62A68B8B8}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{7104EC46-5DFB-4609-84F0-915970E383D7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7104EC46-5DFB-4609-84F0-915970E383D7}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Performance Center deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe moved successfully. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\jiyapise.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tasurepa.dll deleted successfully. D:\AUTOEXEC.BAT moved successfully. D:\Autorun.inf moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. File Info.exe folder.htt 480 480 not found. ========== COMMANDS ========== File delete failed. C:\Documents and Settings\JF1954\Local Settings\Temp\etilqs_2qRiTmugOfpAc2wnOS3W scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_798.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTL by OldTimer - Version 2.1.1.0 log created on 06162009_074814 Files moved on Reboot... File C:\Documents and Settings\JF1954\Local Settings\Temp\etilqs_2qRiTmugOfpAc2wnOS3W not found! File C:\WINDOWS\temp\Perflib_Perfdata_798.dat not found! Registry entries deleted on Reboot... This post has been edited by jf3030: Jun 16 2009, 07:42 AM

jf3030 View Member Profile	Jun 16 2009, 07:46 AM Post #8
Member Posts: 40 OS: windows xp multimedia center	Pauline, I ran into a little problem I think. I'm trying to run ComboFix and I'm getting this error... antivirus: Trend Micro PC-cillin Internet Security 2007 The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk. I'm going to run it anyway... I'll post what happened immediately afterward. John

jf3030 View Member Profile	Jun 16 2009, 08:09 AM Post #9
Member Posts: 40 OS: windows xp multimedia center	Here's the ComboFix Log. ======================== ComboFix 09-06-15.07 - JF1954 06/16/2009 8:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.147 [GMT -5:00] Running from: c:\documents and settings\JF1954\Desktop\ComboFix.exe AV: Trend Micro PC-cillin Internet Security 2007 On-access scanning enabled (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro PC-cillin Internet Security (Firewall) enabled {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\JF1954\err.log c:\documents and settings\JF1954\Favorites\Download programs.url c:\documents and settings\JF1954\Favorites\Videos.url c:\documents and settings\JF1954\Start Menu\Programs\Download programs.url c:\documents and settings\JF1954\Start Menu\Programs\Games.url c:\documents and settings\JF1954\Start Menu\Programs\Translator.url C:\text.txt c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\IE4 Error Log.txt c:\windows\mscon.sio c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\AIPrAcdd.ini c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\lTDNonmp.ini c:\windows\system32\MnnTwGgh.ini c:\windows\system32\MSXGGBDRIVER.DLL c:\windows\system32\o4Patch.exe c:\windows\system32\pqBKlnpo.ini c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\xkjqckdv.ini D:\Desktop.ini . ((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 ))))))))))))))))))))))))))))))) . 2009-06-16 12:48 . 2009-06-16 13:31 -------- d-----w- C:\_OTL 2009-06-15 22:36 . 2009-06-15 22:36 -------- d-----w- c:\program files\1st Mass Mailer 2009-06-15 21:02 . 2000-01-26 04:26 132608 ----a-w- c:\windows\system32\STAMIN32.DLL 2009-06-15 00:46 . 2009-06-15 00:46 -------- d-----w- C:\AAAJOHN 2009-06-15 00:17 . 2009-06-15 00:17 -------- d-----w- c:\program files\CleanMyPC 2009-06-13 21:40 . 2009-06-15 17:54 -------- d-----w- C:\Rooter$ 2009-06-12 20:08 . 2009-06-12 20:08 -------- d-----w- c:\documents and settings\JF1954\Application Data\Search Settings 2009-06-12 14:24 . 2009-06-12 14:24 -------- d-----w- c:\program files\Search Settings 2009-06-12 14:23 . 2005-03-11 23:37 1986560 ----a-w- c:\windows\system32\AudFile.dll 2009-06-12 14:23 . 2005-02-24 18:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll 2009-06-12 14:23 . 2005-02-24 17:51 348160 ----a-w- c:\windows\system32\WMAFile.dll 2009-06-12 14:23 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll 2009-06-12 14:23 . 1998-07-13 03:00 15360 ----a-w- c:\windows\system32\inetfr.DLL 2009-06-12 14:23 . 2000-10-01 23:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2009-06-12 14:23 . 1998-07-13 03:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2009-06-12 14:23 . 1998-07-12 23:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2009-06-12 13:30 . 2009-06-12 13:30 -------- d-----w- C:\clips 2009-06-11 23:35 . 2009-06-16 13:29 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-11 12:43 . 2009-06-13 00:52 -------- d-----w- c:\documents and settings\JF1954\Application Data\Nero 2009-06-11 00:06 . 2009-06-11 00:22 -------- d-----w- C:\arenas 2009-05-27 00:57 . 2009-05-27 00:57 -------- d-sh--w- C:\found.000 2009-05-27 00:20 . 2009-05-27 02:25 -------- d-----w- C:\photos 2009 2009-05-24 00:01 . 2009-06-16 02:48 -------- d-----w- C:\gussy 2009-05-22 11:36 . 2009-05-23 11:34 -------- d-----w- C:\New Folder (2) 2009-05-22 11:33 . 2009-05-23 23:58 -------- d-----w- C:\flv . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-16 13:59 . 2008-04-14 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-06-16 13:29 . 2006-07-28 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-16 13:29 . 2008-10-03 10:54 -------- d-----w- c:\documents and settings\JF1954\Application Data\SUPERAntiSpyware.com 2009-06-15 22:36 . 2008-08-24 21:32 -------- d-----w- c:\documents and settings\JF1954\Application Data\Azureus 2009-06-15 21:57 . 2006-08-14 13:02 -------- d-----w- c:\program files\WorldCast 2009-06-15 15:03 . 2009-04-25 00:01 -------- d-----w- c:\program files\Lavasoft 2009-06-15 15:03 . 2008-05-08 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-14 01:16 . 2008-07-18 22:26 -------- d-----w- c:\program files\Duplicate Music Files Finder 2009-06-11 00:14 . 2008-10-26 21:06 -------- d-----w- c:\documents and settings\JF1954\Application Data\Any Video Converter 2009-06-10 01:12 . 2008-07-22 17:35 -------- d-----w- c:\documents and settings\JF1954\Application Data\TmpRecentIcons 2009-05-23 23:24 . 2006-08-12 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-05-16 23:05 . 2009-05-16 23:05 10684866 ----a-w- c:\documents and settings\JF1954\Application Data\Azureus\plugins\azump\mplayer.exe 2009-05-11 22:47 . 2009-05-09 17:17 -------- d-----w- c:\program files\Total Training 2009-05-10 13:54 . 2008-12-30 03:41 -------- d-----w- c:\program files\STOPzilla! 2009-05-10 13:40 . 2007-01-19 03:09 -------- d-----w- c:\program files\AviSynth 2.5 2009-05-10 13:36 . 2009-05-10 13:36 -------- d-----w- c:\program files\VS Revo Group 2009-05-10 00:58 . 2008-04-19 18:34 -------- d-----w- c:\program files\iTunes 2009-05-10 00:57 . 2008-02-16 18:10 -------- d-----w- c:\program files\iPod 2009-05-10 00:28 . 2009-03-21 01:10 -------- d-----w- c:\program files\HooTech 2009-05-08 19:36 . 2006-08-15 22:27 -------- d-----w- c:\program files\LabelCreator Pro 2009-05-04 22:48 . 2006-07-29 02:18 114192 ----a-w- c:\documents and settings\JF1954\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-03 00:35 . 2009-05-03 00:35 -------- d-----w- c:\program files\AVG 2009-04-26 22:22 . 2009-04-26 22:22 -------- d-----w- c:\program files\Alwil Software 2009-04-24 04:09 . 2009-03-27 23:43 -------- d-----w- c:\program files\Ascentive 2009-04-21 23:08 . 2006-08-06 15:30 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS 2009-04-20 01:34 . 2009-03-02 11:38 -------- d-----w- c:\program files\Free PDF to Word Doc Converter 2009-04-08 23:50 . 2009-04-08 23:50 94115 ----a-w- c:\windows\Msvcrt10.zip 2009-04-02 20:55 . 2008-12-23 15:35 217088 ----a-w- c:\windows\system32\ConTest.dll 2008-01-01 00:36 . 2008-01-01 00:36 19 ----a-w- c:\program files\Answer.txt 2007-06-28 00:50 . 2007-06-28 00:21 385024 ----a-w- c:\program files\Gendb5.mdb 2007-06-25 21:07 . 2007-06-25 16:45 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2004-08-04 05:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe [-] 2005-01-07 01:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe [-] 2005-01-07 01:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe [-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2005-01-07 01:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll [-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-04 05:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\ServicePackFiles\i386\user32.dll [-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll [-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll [-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll [-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll [-] 2004-08-04 05:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2005-01-07 01:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll [-] 2005-01-07 01:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll [-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll [-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll [-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll [-] 2005-01-07 01:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB916281$\wininet.dll [-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll [-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll [-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll [-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll [-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\$NtUninstallKB931768$\wininet.dll [-] 2004-08-04 05:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ServicePackFiles\i386\wininet.dll [-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\sp2gdr\wininet.dll [-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\SoftwareDistribution\Download\85ea9e216393783c9ef11731dd1cea2d\sp2qfe\wininet.dll [-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll [-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll [-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\system32\wininet.dll [-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\system32\dllcache\wininet.dll [-] 2005-01-07 01:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2004-08-04 04:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys [-] 2007-12-25 08:04 359808 8D8949936913B041C6A0E184FBF1030B c:\windows\system32\dllcache\TCPIP.SYS [-] 2007-12-25 08:04 359808 8D8949936913B041C6A0E184FBF1030B c:\windows\system32\drivers\TCPIP.SYS [-] 2004-08-04 05:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2005-01-07 01:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe [-] 2005-01-07 01:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe [-] 2004-08-04 04:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys [-] 2005-01-07 01:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys [-] 2005-01-07 01:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 04:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2005-01-07 01:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys [-] 2005-01-07 01:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys [-] 2005-01-07 01:00 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe [-] 2005-06-23 00:05 2015744 65F4B29A0793ADB5D924FB3F47F1BCA4 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe [-] 2006-12-19 16:12 2017280 FA64F313F5237C53A909906113ACAE7D c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2004-08-04 03:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntkrnlpa.exe [-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe [-] 2007-02-28 09:15 2017280 2DFB215E291E3D9B1CF9A6739B3BF16C c:\windows\system32\ntkrnlpa.exe [-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2005-01-07 01:00 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB896256$\ntoskrnl.exe [-] 2005-06-23 00:30 2136064 5611F453C6D20AB0552956F39BCDDB88 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe [-] 2006-12-19 16:49 2137600 57B9D140E1EB8B0EA06DF927B63B0EEE c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2004-08-04 04:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntoskrnl.exe [-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe [-] 2007-02-28 09:53 2137600 E6679C3023B17D8B78946BC5DF53FA20 c:\windows\system32\ntoskrnl.exe [-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\system32\dllcache\ntoskrnl.exe [-] 2005-01-07 01:00 1032192 A0732187050030AE399B241436565E64 c:\windows\explorer.exe [-] 2004-08-04 05:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe [-] 2005-01-07 01:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\explorer.exe [-] 2004-08-04 05:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\ServicePackFiles\i386\services.exe [-] 2005-01-07 01:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe [-] 2005-01-07 01:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\dllcache\services.exe [-] 2004-08-04 05:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe [-] 2005-01-07 01:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe [-] 2005-01-07 01:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe [-] 2004-08-04 05:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2005-01-07 01:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe [-] 2005-01-07 01:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe [-] 2005-01-07 01:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2004-08-04 05:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe [-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe [-] 2004-08-04 05:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\ServicePackFiles\i386\userinit.exe [-] 2005-01-07 01:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe [-] 2005-01-07 01:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe [-] 2004-08-04 05:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2005-01-07 01:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll [-] 2005-01-07 01:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll [-] 2005-01-07 01:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2004-08-04 05:56 983552 888190E31455FAD793312F8D087146EB c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\system32\kernel32.dll [-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\system32\dllcache\kernel32.dll [-] 2004-08-04 05:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2005-01-07 01:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll [-] 2005-01-07 01:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll [-] 2004-08-04 05:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\ServicePackFiles\i386\imm32.dll [-] 2005-01-07 01:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll [-] 2005-01-07 01:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll [-] 2004-08-04 05:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2005-01-07 01:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll [-] 2005-01-07 01:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll [-] 2004-08-04 05:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2005-01-07 01:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll [-] 2005-01-07 01:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\dllcache\appmgmts.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2005-01-07 15360] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-06-15 471650] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\wincmd\\WINCMD32.EXE"= "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\SPCK Software\\FFA Blaster\\Blaster.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/2/2008 4:20 PM 54656] R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [10/1/2003 5:41 PM 177664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll FF - ProfilePath - . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-16 09:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b4,17,a1,08,67, 7d,fa,70,e2,63,26,f1,3f,c8,ff,68,f9,04,00,0b,75,de,ad,0c,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,25,e7,c9,73,e9, 2a,c8,58,6a,9c,d6,61,af,45,84,18,48,1b,99,61,73,b3,8d,63,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,58,c5,b9,2b,86, 87,fd,c0,ff,7c,85,e0,43,d4,0e,fe,93,c5,4c,0c,e3,ab,cb,5e,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,db,96,e6,9e,ed, 19,6c,e3,86,8c,21,01,be,91,eb,e7,05,77,4d,7d,2f,b8,ff,39,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d9,73,7a,41,a3, 9f,76,bb,f5,1d,4d,73,a8,13,5c,05,4f,29,d5,12,8b,92,78,97,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,fd,7f,7f,84,65, 1d,2b,e8,df,20,58,62,78,6b,cf,c8,80,43,e7,c3,bd,87,b8,d8,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,1f,fc,05,b8,7d, 1c,e3,46,fb,a7,78,e6,12,2f,9a,ea,27,8e,27,d3,90,d5,53,d5,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,6a,15,98,56,6e, e0,b6,32,01,3a,48,fc,e8,04,4a,f1,c1,5d,7b,c1,70,8e,95,5f,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,73,76,b7,00,60, 12,f1,a2,f6,0f,4e,58,98,5b,89,c9,e4,b1,4c,66,f4,e4,1c,b5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,5e,70,ee,b8,b8, 8b,58,f3,3d,ce,ea,26,2d,45,aa,78,bb,78,e1,fc,34,b8,79,63,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,2b,14,ff,5b,8c, ec,4c,0a,2a,b7,cc,b5,b9,7f,41,e7,4d,1d,86,cc,84,99,04,59,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4e,bd,60,28,73, 37,c4,5a,6c,43,2d,1e,aa,22,2f,9c,85,13,b7,6f,b8,e2,ef,02,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Classes\Software\������������ \Settings] "s01"="" "s02"="" "s03"="��" "s04"="��ޔ��" "s05"="��ƒ��" "s06"="��" "s07"="��" "s08"="��" "s09"="��" "s10"="��" "s11"="��ߚ��" "s12"="��" "s13"="" "s14"="" "s15"="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(680) c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll - - - - - - - > 'explorer.exe'(1560) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\CF19551.exe . ************************************************************************** . Completion time: 2009-06-16 9:07 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-16 14:07 Pre-Run: 37,528,064,000 bytes free Post-Run: 37,478,354,944 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [Boot Loader] Timeout=2 Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [Operating Systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn 378

pauline addis View Member Profile	Jun 16 2009, 10:09 AM Post #10
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, There is some cleaning to do in your security programs. According to your logs, you are using AVG as antivirus, Windows firewall, and several Antispyware (spybot, stopzilla, Ad-Aware, SUPERAntiSpyware and Windows Defender). Also there are some remaining from Trend Micro and Avast. Can you tell me what antivirus/firewall/antispyware you have installed/are currently using? �� Let's do a script with ComboFix Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open notepad and copy/paste the text in the quotebox below into it: CODE KillAll:: File:: c:\windows\system32\ConTest.dll Folder:: c:\documents and settings\JF1954\Application Data\Search Settings c:\program files\Search Settings c:\program files\Ascentive Registry:: [-HKEY_LOCAL_MACHINE\software\Classes\Software\������������ ] Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. �� Scan again your system with Malwarebytes' Anti-Malware updated! Launch Update Malwarebytes' Anti-Malware, and update it. Select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. �� And to finish, please do an online scan with Kaspersky WebScanner Click on Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. This post has been edited by pauline addis: Jun 16 2009, 10:11 AM Reason for edit: Typo

jf3030 View Member Profile	Jun 17 2009, 09:28 AM Post #11
Member Posts: 40 OS: windows xp multimedia center	I guess I went nuts trying to fix my computer and dumped anything I could to get it cleaned. I don't know how to disable AVG or Windows firewall. .. I tried to delete Stopzilla but it won't let me. I deleted spybot and adaware... I thought I had deleted SUPERAntiSpyware as well... I guess not. On Windows Defender I don't know how to disable it also. Trend Micro is a small program is not installed ( I don't think ) You place on your desktop you just run it and it finds spyware. To remove it I just delete it of the desktop. I'm going to run ComboFix and post the results. John. Thanks!!!!! =========================================================== ERROR WITH CFSCRIPT =========================================================== Pauline, I keep getting this error message when trying to run the CFScript with ComboFix. I tried everything possible to delete the program and removing from being active but nothing works. What can I do next before running CFScript? =========================================================== ComboFix has detected the following real time scanner(s) to be active: antivirus: Trend Micro PC-cillin Internet Security 2007 Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking "OK".

pauline addis View Member Profile	Jun 18 2009, 02:55 AM Post #12
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, Ok, leave ComboFix, let's try with another tool (no need to disable your programs with this one). Concerning your security programs, to be protected, you should have one antivirus, one antispyware and one firewall. For the antivirus, let's keep AVG, but you must upgrade it (version 8.5), and I have included in the fix remaining from Avast and Trend Micro to be removed. For the antispyware, don't delete the programs, but uninstall them from Add/Remove programs. Keep Windows Defender for now, and I will have a look to see what remains from the other antispyware. I will indicate you another one at the end of the cleaning process, and if you wish to install it, I will give you instructions to disable Windows Defender. For the firewall, don't disable Windows Firewall as it is the only one you get. I will indicate you some at the end of the cleaning process, and if you choose to install one other, I will tell you how to disable Windows Firewall. �� Please download OTM by OldTimer Save it to your desktop. Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe avgwdsvc.exe :Services tmcomm :Reg [-HKEY_LOCAL_MACHINE\software\Classes\Software\������������ ] :Files c:\windows\system32\ConTest.dll c:\documents and settings\JF1954\Application Data\Search Settings c:\program files\Search Settings c:\program files\Ascentive c:\program files\Alwil Software :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTM\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. �� Run OTL.exe When the window appears, underneath Output at the top change it to Minimal Output Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long When the scan completes, it will open one notepad windows OTListIt.Txt. This is saved in the same location as OTL Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply

jf3030 View Member Profile	Jun 18 2009, 08:43 AM Post #13
Member Posts: 40 OS: windows xp multimedia center	========== PROCESSES ========== Process explorer.exe killed successfully. Unable to kill process: avgwdsvc.exe ========== SERVICES/DRIVERS ========== Service\Driver tmcomm not found. Service\Driver tmcomm not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\Classes\Software\������������ \\ not found. ========== FILES ========== File/Folder c:\windows\system32\ConTest.dll not found. Folder move failed. c:\documents and settings\JF1954\Application Data\Search Settings\kb128\temp scheduled to be moved on reboot. Folder move failed. c:\documents and settings\JF1954\Application Data\Search Settings\kb128 scheduled to be moved on reboot. Folder move failed. c:\documents and settings\JF1954\Application Data\Search Settings scheduled to be moved on reboot. File/Folder c:\program files\Search Settings not found. File/Folder c:\program files\Ascentive not found. File/Folder c:\program files\Alwil Software not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\JF1954\LOCALS~1\Temp\etilqs_tcaZaEfUrNRapOO7d2GU scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\XPC.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTM by OldTimer - Version 2.1.0.1 log created on 06182009_082714 Files moved on Reboot... c:\documents and settings\JF1954\Application Data\Search Settings\kb128\temp moved successfully. c:\documents and settings\JF1954\Application Data\Search Settings\kb128 moved successfully. c:\documents and settings\JF1954\Application Data\Search Settings moved successfully. File C:\DOCUME~1\JF1954\LOCALS~1\Temp\etilqs_tcaZaEfUrNRapOO7d2GU not found! File C:\WINDOWS\temp\Perflib_Perfdata_fc.dat not found! C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\JF1954\Local Settings\Application Data\Mozilla\Firefox\Profiles\7e6p9zg4.default\XPC.mfl moved successfully. Registry entries deleted on Reboot... ====================== otl log ====================== OTL logfile created on: 6/18/2009 AM 8:41:16 - Run 2 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JF1954\Desktop\File Cleaners Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 511.29 Mb Total Physical Memory \| 130.46 Mb Available Physical Memory \| 25.52% Memory free 1.22 Gb Paging File \| 0.96 Gb Available in Paging File \| 78.96% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 106.58 Gb Total Space \| 34.94 Gb Free Space \| 32.78% Space Free \| Partition Type: NTFS Drive D: \| 5.19 Gb Total Space \| 0.88 Gb Free Space \| 16.87% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JUAN-041AFD903F Current User Name: JF1954 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.) PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.) PRC - c:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd) PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation) PRC - C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Documents and Settings\JF1954\Desktop\File Cleaners\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- c:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LexBceS [Auto \| Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.) SRV - (MDM [Auto \| Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (NBService [On_Demand \| Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (szserver [Auto \| Running]) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) SRV - (UMWdf [Auto \| Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (WinDefend [Auto \| Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AFS2K [System \| Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ALCXWDM [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (Cdr4_xp [System \| Stopped]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (Cdralw2k [System \| Stopped]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (EvcapMaui [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\EvcapMau.sys (Emuzed, Inc.) DRV - (GEARAspiWDM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (imagedrv [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG) DRV - (imagesrv [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG) DRV - (ltmodem5 [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT) DRV - (MR97310_USB_DUAL_CAMERA [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mr97310c.sys (Mars Semiconductor Corp.) DRV - (Pcouffin [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (rtl8139 [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys () DRV - (StillCam [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation) DRV - (szkg5 [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/14 20:07:53 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/12 20:40:18 \| 00,000,000 \| ---D \| M] [2009/04/10 11:28:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Extensions [2009/04/10 11:28:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/16 23:18:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions [2009/01/15 06:54:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/01/15 06:54:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/02/22 11:04:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\JF1954\Application Data\mozilla\Firefox\Profiles\7e6p9zg4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2007/12/24 12:13:36 \| 00,001,878 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\aolsearch.xml [2008/06/18 08:36:33 \| 00,002,386 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\siteadvisor.xml [2007/08/07 08:32:20 \| 00,005,593 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Application Data\Mozilla\FireFox\Profiles\7e6p9zg4.default\searchplugins\wordtracker.xml [2009/06/16 23:18:20 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/12 20:40:18 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/10/25 11:19:59 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/06/12 09:24:40 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com [2009/06/12 20:40:10 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/12 20:40:10 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/04/24 19:26:59 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/24 19:26:59 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/04/24 19:26:59 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/04/24 19:26:59 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/04/24 19:26:59 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/04/24 19:26:59 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKCU..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup (CleanMyPC Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1225765975170 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (ASPRO Installer Class) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/07/28 20:45:26 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - * [2009/06/15 12:59:13 \| 00,000,000 \| ---D \| M] ========== Files/Folders - Created Within 30 Days ========== [14 C:\Documents and Settings\JF1954\My Documents\.tmp files] [2100/02/23 18:55:50 \| 00,001,096 \| ---- \| C] () -- C:\WINDOWS\Lexmark_ICM.ini [2009/06/18 08:37:46 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Application Data\Search Settings [2009/06/18 08:21:04 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/06/18 08:19:26 \| 00,389,632 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTM.exe [2009/06/17 10:25:30 \| 00,388,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26238.exe [2009/06/17 10:25:30 \| 00,000,000 \| --SD \| C] -- C:\ComboFix [2009/06/17 10:08:35 \| 00,388,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21752.exe [2009/06/16 17:03:57 \| 00,225,280 \| ---- \| C] (www.mp3dev.org) -- C:\WINDOWS\System32\lame_enc.dll [2009/06/16 10:46:31 \| 36,047,872 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\gussy.doc [2009/06/16 09:38:51 \| 00,000,000 \| ---D \| C] -- C:\AAAJOHNSCLASSPICS [2009/06/16 09:07:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Local Settings\temp [2009/06/16 08:49:05 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/06/16 08:49:00 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/06/16 08:46:53 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/06/16 08:46:53 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/06/16 08:46:53 \| 00,155,136 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/06/16 08:46:53 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/06/16 08:46:53 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/06/16 08:46:53 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/06/16 08:46:53 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/16 08:46:53 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/06/16 08:46:47 \| 00,388,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19551.exe [2009/06/16 08:42:48 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/06/16 08:42:12 \| 03,027,540 \| R--- \| C] () -- C:\Documents and Settings\JF1954\Desktop\ComboFix.exe [2009/06/16 07:48:14 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/06/15 20:20:59 \| 00,029,696 \| ---- \| C] () -- C:\ashley.doc [2009/06/15 17:37:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\My Documents\1st Mass Mailer [2009/06/15 17:36:55 \| 00,000,731 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\1st Mass Mailer.lnk [2009/06/15 17:36:53 \| 00,000,000 \| ---D \| C] -- C:\Program Files\1st Mass Mailer [2009/06/15 16:42:13 \| 00,000,647 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\WorldCast.lnk [2009/06/15 16:02:25 \| 00,132,608 \| ---- \| C] (MicroDexterity, Inc.) -- C:\WINDOWS\System32\STAMIN32.DLL [2009/06/15 16:02:25 \| 00,074,240 \| ---- \| C] (Nanoware, Inc.) -- C:\WINDOWS\System32\NHTML32.OCX [2009/06/15 16:02:25 \| 00,000,826 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\FFA Blaster.lnk [2009/06/15 16:02:24 \| 00,149,640 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\http50.ocx [2009/06/15 16:02:24 \| 00,137,352 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\smtp50.ocx [2009/06/15 16:02:24 \| 00,137,352 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ftp50.ocx [2009/06/15 16:02:24 \| 00,129,160 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ipport50.ocx [2009/06/15 16:02:24 \| 00,116,872 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\netcod50.ocx [2009/06/15 16:02:24 \| 00,108,680 \| ---- \| C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\ipinfo50.ocx [2009/06/15 12:55:54 \| 00,501,760 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTL.exe [2009/06/14 19:46:08 \| 00,000,000 \| ---D \| C] -- C:\AAAJOHN [2009/06/14 19:19:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\My Documents\registrybackup [2009/06/14 19:17:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\CleanMyPC [2009/06/13 16:40:28 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/06/13 15:04:31 \| 00,203,466 \| ---- \| C] () -- C:\tamuk2.jpg [2009/06/13 15:02:53 \| 00,215,384 \| ---- \| C] () -- C:\tamuk1.jpg [2009/06/12 09:23:53 \| 00,116,296 \| ---- \| C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2009/06/12 09:23:52 \| 01,986,560 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2009/06/12 09:23:52 \| 01,212,416 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2009/06/12 09:23:52 \| 00,348,160 \| ---- \| C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2009/06/12 09:23:52 \| 00,040,960 \| ---- \| C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll [2009/06/12 09:23:52 \| 00,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2009/06/12 09:23:51 \| 00,141,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2009/06/12 09:23:51 \| 00,119,568 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2009/06/12 09:23:50 \| 00,032,768 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2009/06/11 18:35:00 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/06/11 16:13:33 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\JF1954\My Documents\~$ekstogo.doc [2009/06/11 14:23:40 \| 00,024,064 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\geekstogo.doc [2009/06/11 07:43:48 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Application Data\Nero [2009/06/10 19:30:27 \| 00,297,240 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\fireworks.jpg [2009/06/10 19:06:34 \| 00,000,000 \| ---D \| C] -- C:\arenas [2009/06/10 18:17:32 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Desktop\File Cleaners [2009/06/10 12:50:52 \| 00,110,592 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\mass.doc [2009/06/10 11:38:26 \| 00,032,256 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\movie1.doc [2009/06/10 10:00:39 \| 00,074,433 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\address.jpg [2009/06/10 08:23:22 \| 00,015,872 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\schedule.xls [2009/06/10 08:10:15 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\schedule.doc [2009/06/09 19:46:01 \| 00,548,352 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\jerry&ash.doc [2009/06/05 20:38:41 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\JF1954\My Documents\~$BLANK1.doc [2009/06/04 15:27:51 \| 00,001,648 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Photo2Album.lnk [2009/06/04 07:15:54 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\trevino2.doc [2009/06/04 07:12:54 \| 00,029,184 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\trevino.doc [2009/06/03 11:55:39 \| 00,030,208 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\jerry.doc [2009/06/02 20:56:52 \| 00,024,576 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\imagine me without you.doc [2009/06/02 08:20:18 \| 00,097,448 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\trombone-6.jpg [2009/06/02 08:15:28 \| 00,037,892 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\boa-bandfest-3.jpg [2009/06/01 18:01:05 \| 00,028,672 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\John2.doc [2009/05/31 22:29:02 \| 00,028,160 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\john.doc [2009/05/27 06:03:19 \| 07,483,020 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\CUBE.flv [2009/05/26 19:57:57 \| 00,000,000 \| -HSD \| C] -- C:\found.000 [2009/05/26 19:20:32 \| 00,000,000 \| ---D \| C] -- C:\photos 2009 [2009/05/26 06:27:22 \| 00,024,032 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Movie Releases.htm [2009/05/26 06:24:21 \| 00,027,136 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\MOVIE RELEASES.shs [2009/05/24 12:18:52 \| 00,965,632 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birday invitation.doc [2009/05/24 11:42:37 \| 79,460,715 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\image3.psd [2009/05/23 19:01:18 \| 00,000,000 \| ---D \| C] -- C:\gussy [2009/05/23 17:56:21 \| 00,000,080 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\IMP AWARDS.url [2009/05/23 13:16:15 \| 01,508,864 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birthday party.doc [2009/05/23 13:08:46 \| 07,958,016 \| ---- \| C] () -- C:\Documents and Settings\JF1954\My Documents\birthday.sig [2009/05/22 07:49:40 \| 00,039,881 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\pspbrwse.jbf [2009/05/22 07:46:44 \| 00,099,873 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\john&ash.jpg [2009/05/22 06:36:09 \| 00,000,000 \| ---D \| C] -- C:\New Folder (2) [2009/05/22 06:33:49 \| 00,000,000 \| ---D \| C] -- C:\flv [2009/05/22 00:51:33 \| 00,354,235 \| ---- \| C] () -- C:\Documents and Settings\JF1954\Desktop\Image2.jpg [2009/05/20 22:18:06 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Desktop\john's DT folder [2009/04/24 20:43:53 \| 00,000,075 \| ---- \| C] () -- C:\WINDOWS\st_affiliate.ini [2009/03/27 18:43:56 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll [2008/12/23 14:43:27 \| 00,223,232 \| ---- \| C] () -- C:\WINDOWS\System32\sqlite3.dll [2008/09/27 13:08:37 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\ylgbzt.dll [2008/07/23 11:50:52 \| 03,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/07/23 11:47:34 \| 00,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/07/23 11:47:34 \| 00,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/07/23 11:46:38 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/04/13 18:56:32 \| 00,074,703 \| ---- \| C] () -- C:\WINDOWS\System32\mfc45.dll [2008/04/13 13:47:16 \| 00,000,967 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2008/03/23 20:18:29 \| 00,323,584 \| ---- \| C] () -- C:\WINDOWS\System32\FoxImager.dll [2008/03/09 19:51:29 \| 00,383,238 \| ---- \| C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008/03/09 18:53:50 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\v2d.INI [2007/09/16 15:02:54 \| 00,114,688 \| ---- \| C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/09/16 15:02:54 \| 00,050,364 \| ---- \| C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/07/12 11:57:17 \| 00,000,195 \| ---- \| C] () -- C:\WINDOWS\videoimp.ini [2007/06/25 11:45:43 \| 00,001,682 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/04/22 20:02:15 \| 00,000,268 \| ---- \| C] () -- C:\WINDOWS\WorldMerge.INI [2007/03/24 17:09:52 \| 00,000,247 \| ---- \| C] () -- C:\WINDOWS\APOapp.INI [2007/02/09 18:41:10 \| 00,000,704 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/11/17 20:12:05 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\hotComm.INI [2006/11/01 21:35:48 \| 00,000,229 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/17 21:19:20 \| 00,006,592 \| ---- \| C] () -- C:\WINDOWS\gwpreset.ini [2006/10/17 21:19:20 \| 00,001,668 \| ---- \| C] () -- C:\WINDOWS\goldwave.ini [2006/10/14 15:29:51 \| 00,000,343 \| ---- \| C] () -- C:\WINDOWS\PSTUDIO.INI [2006/08/22 19:22:29 \| 00,000,486 \| ---- \| C] () -- C:\WINDOWS\umaxuapi.ini [2006/08/22 19:22:17 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\Temp.ini [2006/08/14 19:25:12 \| 00,000,165 \| ---- \| C] () -- C:\WINDOWS\wcx_ftp.ini [2006/08/07 08:51:42 \| 00,000,808 \| ---- \| C] () -- C:\WINDOWS\Ulead32.ini [2006/08/07 08:50:57 \| 00,000,016 \| ---- \| C] () -- C:\WINDOWS\S2600.INI [2006/08/06 14:30:46 \| 00,000,037 \| ---- \| C] () -- C:\WINDOWS\marscam.ini [2006/08/06 14:19:17 \| 00,028,672 \| R--- \| C] () -- C:\WINDOWS\System32\mr310exd.dll [2006/08/06 14:19:16 \| 00,036,864 \| R--- \| C] () -- C:\WINDOWS\System32\mr310exv.dll [2006/08/06 14:17:58 \| 00,015,164 \| ---- \| C] () -- C:\WINDOWS\mr310twc.ini [2006/08/06 10:23:11 \| 00,011,633 \| ---- \| C] () -- C:\WINDOWS\hpdj5100.ini [2006/07/31 22:50:31 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2006/07/29 08:46:16 \| 00,002,354 \| ---- \| C] () -- C:\WINDOWS\WINCMD.INI [2006/07/28 21:41:28 \| 00,014,012 \| ---- \| C] () -- C:\WINDOWS\Debug.ini [2006/07/28 14:54:57 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/07/15 13:35:56 \| 00,831,488 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2005/07/15 13:35:56 \| 00,159,744 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2005/01/06 20:00:00 \| 00,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\ieencode.dll [2005/01/06 20:00:00 \| 00,027,440 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2005/01/06 20:00:00 \| 00,001,134 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/01/06 20:00:00 \| 00,000,285 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004/06/24 19:16:46 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\EzdCoIns.dll [2003/10/27 11:55:50 \| 00,000,307 \| ---- \| C] () -- C:\WINDOWS\LProS.ini [2003/08/05 13:25:44 \| 00,098,384 \| ---- \| C] () -- C:\WINDOWS\System32\EzRating.dll [2003/01/07 15:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/01/21 03:04:28 \| 00,667,648 \| ---- \| C] () -- C:\WINDOWS\System32\Dtwain32.dll [2001/05/13 17:18:34 \| 00,000,209 \| ---- \| C] () -- C:\WINDOWS\X63_DS.ini [2000/10/24 09:08:36 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\Lfkodak.dll [2000/10/24 09:08:33 \| 00,338,944 \| ---- \| C] () -- C:\WINDOWS\System32\Lffpx7.dll [1997/10/24 14:56:36 \| 00,000,643 \| ---- \| C] () -- C:\WINDOWS\LEXSTAT.INI ========== Files - Modified Within 30 Days ========== [14 C:\Documents and Settings\JF1954\My Documents\.tmp files] [2009/06/18 08:36:28 \| 00,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/18 08:36:26 \| 00,000,062 \| -HS- \| M] () -- C:\Documents and Settings\JF1954\Local Settings\desktop.ini [2009/06/18 08:29:36 \| 00,014,012 \| ---- \| M] () -- C:\WINDOWS\Debug.ini [2009/06/18 08:29:23 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/18 08:29:18 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/18 08:29:17 \| 53,620,3264 \| -HS- \| M] () -- C:\hiberfil.sys [2009/06/18 08:19:28 \| 00,389,632 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTM.exe [2009/06/17 18:16:16 \| 00,002,354 \| ---- \| M] () -- C:\WINDOWS\WINCMD.INI [2009/06/17 18:10:40 \| 00,000,229 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/17 10:22:02 \| 00,388,608 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26238.exe [2009/06/17 10:15:05 \| 00,041,770 \| -H-- \| M] () -- C:\TREEINFO.WC [2009/06/17 09:59:08 \| 00,388,608 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21752.exe [2009/06/16 17:04:43 \| 00,001,668 \| ---- \| M] () -- C:\WINDOWS\goldwave.ini [2009/06/16 11:14:16 \| 00,000,165 \| ---- \| M] () -- C:\WINDOWS\wcx_ftp.ini [2009/06/16 10:46:36 \| 36,047,872 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\gussy.doc [2009/06/16 09:04:27 \| 00,403,968 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/06/16 09:04:27 \| 00,063,188 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/06/16 09:04:26 \| 00,475,330 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/06/16 09:00:57 \| 00,000,285 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/06/16 09:00:29 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/06/16 08:49:13 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/06/16 08:42:45 \| 00,388,608 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19551.exe [2009/06/16 08:42:31 \| 03,027,540 \| R--- \| M] () -- C:\Documents and Settings\JF1954\Desktop\ComboFix.exe [2009/06/15 20:52:00 \| 00,029,696 \| ---- \| M] () -- C:\ashley.doc [2009/06/15 17:36:55 \| 00,000,731 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\1st Mass Mailer.lnk [2009/06/15 16:42:13 \| 00,000,647 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\WorldCast.lnk [2009/06/15 16:02:25 \| 00,000,826 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\FFA Blaster.lnk [2009/06/15 12:56:07 \| 00,501,760 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\JF1954\Desktop\OTL.exe [2009/06/13 15:04:31 \| 00,203,466 \| ---- \| M] () -- C:\tamuk2.jpg [2009/06/13 15:02:53 \| 00,215,384 \| ---- \| M] () -- C:\tamuk1.jpg [2009/06/12 20:23:44 \| 00,039,881 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\pspbrwse.jbf [2009/06/12 08:46:56 \| 00,032,256 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\movie1.doc [2009/06/11 16:13:33 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\JF1954\My Documents\~$ekstogo.doc [2009/06/11 14:23:41 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\geekstogo.doc [2009/06/10 19:30:27 \| 00,297,240 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\fireworks.jpg [2009/06/10 12:50:53 \| 00,110,592 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\mass.doc [2009/06/10 11:30:47 \| 00,015,872 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\schedule.xls [2009/06/10 10:00:40 \| 00,074,433 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\address.jpg [2009/06/10 09:58:07 \| 00,000,020 \| ---- \| M] () -- C:\WINDOWS\Temp.ini [2009/06/10 09:57:44 \| 00,000,486 \| ---- \| M] () -- C:\WINDOWS\umaxuapi.ini [2009/06/10 08:10:16 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\schedule.doc [2009/06/09 20:04:32 \| 00,000,875 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Performance Center.lnk [2009/06/09 19:46:02 \| 00,548,352 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\jerry&ash.doc [2009/06/08 08:10:10 \| 00,155,136 \| ---- \| M] () -- C:\WINDOWS\PEV.exe [2009/06/07 18:51:11 \| 00,001,134 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/06/05 20:38:52 \| 00,024,064 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\A-BLANK1.doc [2009/06/05 20:38:41 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\JF1954\My Documents\~$BLANK1.doc [2009/06/04 15:28:33 \| 00,000,247 \| ---- \| M] () -- C:\WINDOWS\APOapp.INI [2009/06/04 15:27:51 \| 00,001,648 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Photo2Album.lnk [2009/06/04 07:48:40 \| 00,029,184 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\trevino.doc [2009/06/04 07:15:54 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\trevino2.doc [2009/06/04 07:10:38 \| 00,030,208 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\jerry.doc [2009/06/02 20:56:52 \| 00,024,576 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\imagine me without you.doc [2009/06/02 08:20:19 \| 00,097,448 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\trombone-6.jpg [2009/06/02 08:15:44 \| 00,037,892 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\boa-bandfest-3.jpg [2009/06/01 18:05:11 \| 00,028,672 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\John2.doc [2009/05/31 22:29:03 \| 00,028,160 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\john.doc [2009/05/26 06:27:28 \| 00,024,032 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Movie Releases.htm [2009/05/26 06:24:22 \| 00,027,136 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\MOVIE RELEASES.shs [2009/05/26 00:11:28 \| 00,000,808 \| ---- \| M] () -- C:\WINDOWS\Ulead32.ini [2009/05/24 12:18:52 \| 00,965,632 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birday invitation.doc [2009/05/24 11:42:55 \| 79,460,715 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\image3.psd [2009/05/23 17:56:35 \| 00,000,080 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\IMP AWARDS.url [2009/05/23 14:19:41 \| 00,000,037 \| ---- \| M] () -- C:\WINDOWS\marscam.ini [2009/05/23 14:19:38 \| 00,012,106 \| ---- \| M] () -- C:\WINDOWS\mr310twc.src [2009/05/23 13:16:15 \| 01,508,864 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birthday party.doc [2009/05/23 13:08:46 \| 07,958,016 \| ---- \| M] () -- C:\Documents and Settings\JF1954\My Documents\birthday.sig [2009/05/22 07:49:29 \| 00,099,873 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\john&ash.jpg [2009/05/22 00:52:49 \| 00,354,235 \| ---- \| M] () -- C:\Documents and Settings\JF1954\Desktop\Image2.jpg < End of report >

pauline addis View Member Profile	Jun 19 2009, 05:58 AM Post #14
Trusted Helper Posts: 777 From: Addis Abeba OS: Mac 10.5, Win XP, Win 7	Hello John, Please reinstall one antivirus! Install Anti-Vir or AVG Anti-Virus If you like StopZilla and have a subscription, just keep it. If you want to uninstall it, please do as explain here and keep me informed in order to indicate you another program. Run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.) [2009/06/18 08:37:46 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\JF1954\Application Data\Search Settings [2009/06/11 18:35:00 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2008/09/27 13:08:37 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\ylgbzt.dll :Services :Reg :Files :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post a new OTL log Please delete Combofix and redownload it: Download ComboFix by sUBs to your Desktop. Link 1 Link 2 Disable StopZilla (Right-click the System Tray Icon in the lower right corner of your screen and click Exit STOPzilla!) Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. CF disconnects your machine from the Internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

jf3030 View Member Profile	Jun 19 2009, 07:32 AM Post #15
Member Posts: 40 OS: windows xp multimedia center	========== OTL ========== Process explorer.exe killed successfully! No active process named SZServer.exe was found! File move failed. C:\Documents and Settings\JF1954\Application Data\Search Settings scheduled to be moved on reboot. C:\Program Files\SUPERAntiSpyware moved successfully. LoadLibrary failed for C:\WINDOWS\ylgbzt.dll C:\WINDOWS\ylgbzt.dll NOT unregistered. C:\WINDOWS\ylgbzt.dll moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Pauline, I ran OTL like you instructed and I immediately got this "error" message... ========== The application or DLL c:\windows\ylgbzt.dll is not a valid Windows image. Please check this against your installation diskette. ======================== I couldn't find stopzilla anywhere but it still shows up in the "control panel" under "add and remove programs". From there it will not let me remove it. It gives me the following message. Message 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: UninstallQueryu, location: C:\Program Files\Stopzilla\SZInit.Exe, command: /uqAvailable in Windows Installer version 2.0. ======================== Follwed by "Fatal error" during installation. ======================== OTL ========== FILES ========== ========== COMMANDS ========== File delete failed. C:\Documents and Settings\JF1954\Local Settings\temp\etilqs_uuA73x9epAUhQCNceGR2 scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTL by OldTimer - Version 2.1.1.0 log created on 06192009_081351 Files moved on Reboot... Folder move failed. C:\Documents and Settings\JF1954\Application Data\Search Settings\kb128 scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\JF1954\Application Data\Search Settings scheduled to be moved on reboot. File C:\Documents and Settings\JF1954\Local Settings\temp\etilqs_uuA73x9epAUhQCNceGR2 not found! File C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat not found! Registry entries deleted on Reboot... As soon as I post this I'll ren ComboFix... John

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

5 Pages

1 2 3 > »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal my computer is slow and shuts down for no reason...?	1 / 446	29th December 2005 - 12:29 PM bodebldr2000 started - last by bodebldr2000
Virus, Spyware and Trojan Removal My computer is slow and it's been freezing! Look at my log	0 / 364	7th July 2006 - 11:25 AM maxgn started - last by maxgn
Virus, Spyware and Trojan Removal My computer is Slow and freezes up all the time	0 / 505	17th October 2006 - 07:09 PM Trevor F started - last by Trevor F
Virus, Spyware and Trojan Removal My computer is slow and stuff. please help	1 / 423	19th November 2006 - 02:28 AM Absent started - last by Absent