Please help with redirect [Solved]


  • This topic is locked This topic is locked

#1
mycotopian

mycotopian

    New Member

  • Member
  • Pip
  • 8 posts
Hey guys,

I picked up a redirect somewhere and now when I try to go to digg.com I get a red box over a grey screen that says

Restricted Site!
This web site is restricted based on your security preferences.

Your system is infected. Please activate your antivirus software.


Any help you can give would be greatly appreciated. I will post my logs below for your review.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-23 19:15:56
Windows 5.1.2600 Service Pack 3
Running: wclkf79w.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7ECE0B0]
SSDT sptd.sys ZwEnumerateKey [0xB7ED3A92]
SSDT sptd.sys ZwEnumerateValueKey [0xB7ED3E20]
SSDT sptd.sys ZwOpenKey [0xB7ECE090]
SSDT sptd.sys ZwQueryKey [0xB7ED3EF8]
SSDT sptd.sys ZwQueryValueKey [0xB7ED3D78]
SSDT sptd.sys ZwSetValueKey [0xB7ED3F8A]

---- Kernel code sections - GMER 1.0.15 ----

? cgblkl.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A08380, 0x5414D5, 0xE8000020]
.text USBPORT.SYS!DllUnload B69E88AC 5 Bytes JMP 8A6481C8
? System32\Drivers\axozs6bh.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7ECEAB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7ECEBFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7ECEB7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7ECF728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7ECF5FE] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8B41E8
Device \FileSystem\Fastfat \FatCdrom 8A504728
Device \Driver\usbstor \Device\0000008e 8962C490
Device \Driver\usbstor \Device\0000008f 8962C490
Device \Driver\PCI_NTPNP7226 \Device\00000043 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A6471E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8B61E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8B61E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8B61E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8B61E8
Device \Driver\usbuhci \Device\USBPDO-1 8A6471E8
Device \Driver\usbuhci \Device\USBPDO-2 8A6471E8
Device \Driver\usbehci \Device\USBPDO-3 8A61F1E8
Device \Driver\usbuhci \Device\USBPDO-4 8A6471E8
Device \Driver\usbuhci \Device\USBPDO-5 8A6471E8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 8A8B61E8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 8A8B61E8
Device \Driver\usbuhci \Device\USBPDO-6 8A6471E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9271E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\usbehci \Device\USBPDO-7 8A61F1E8
Device \Driver\Cdrom \Device\CdRom0 8A5C2980
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9271E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Cdrom \Device\CdRom1 8A5C2980
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\usbstor \Device\00000090 8962C490
Device \Driver\NetBT \Device\NetBt_Wins_Export 897171E8
Device \Driver\NetBT \Device\NetbiosSmb 897171E8
Device \Driver\usbuhci \Device\USBFDO-0 8A6471E8
Device \Driver\usbuhci \Device\USBFDO-1 8A6471E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8968B710
Device \Driver\usbuhci \Device\USBFDO-2 8A6471E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8968B710
Device \Driver\usbehci \Device\USBFDO-3 8A61F1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E33FF3BA-D04B-4B48-98A7-25AB96769BA6} 897171E8
Device \Driver\usbuhci \Device\USBFDO-4 8A6471E8
Device \Driver\Ftdisk \Device\FtControl 8A9271E8
Device \Driver\usbuhci \Device\USBFDO-5 8A6471E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{97989BAD-ACC8-4E7C-8765-C687D2DF119F} 897171E8
Device \Driver\usbuhci \Device\USBFDO-6 8A6471E8
Device \Driver\usbstor \Device\0000008c 8962C490
Device \Driver\usbehci \Device\USBFDO-7 8A61F1E8
Device \Driver\axozs6bh \Device\Scsi\axozs6bh1 8A5361E8
Device \Driver\axozs6bh \Device\Scsi\axozs6bh1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\JRAID \Device\Scsi\JRAID1 8A8B51E8
Device \Driver\axozs6bh \Device\Scsi\axozs6bh1Port5Path0Target0Lun0 8A5361E8
Device \Driver\axozs6bh \Device\Scsi\axozs6bh1Port5Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\usbstor \Device\0000008d 8962C490
Device \FileSystem\Fastfat \Fat 8A504728

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 896501E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -147004149
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1260004611
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFC 0x5B 0xCB 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x98 0x5E 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD1 0x9D 0xE3 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFC 0x5B 0xCB 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x98 0x5E 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD1 0x9D 0xE3 0x31 ...

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/24/2010 8:50:34 AM
mbam-log-2010-01-24 (08-50-34).txt

Scan type: Quick Scan
Objects scanned: 104049
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 1/24/2010 8:51:18 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Ryan\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 52.51 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
Drive D: | 279.47 Gb Total Space | 243.23 Gb Free Space | 87.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 596.17 Gb Total Space | 362.86 Gb Free Space | 60.86% Space Free | Partition Type: NTFS

Computer Name: PC1
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/24 08:49:50 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\Cleanup\OTL.exe
PRC - [2010/01/17 07:35:54 | 03,214,272 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/12/30 14:55:16 | 01,389,904 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/24 22:07:40 | 17,887,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 21:42:00 | 00,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 20:23:22 | 00,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 20:14:28 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 20:14:18 | 00,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 20:11:24 | 02,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/12 02:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/10/04 12:49:02 | 00,892,928 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/24 08:49:50 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\Cleanup\OTL.exe
MOD - [2009/07/20 12:29:06 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/02/13 08:22:35 | 00,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2008/07/25 11:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/04/14 04:00:00 | 00,173,056 | ---- | M] () -- C:\WINDOWS\inuladolequfiraw.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/05 09:42:47 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/09 21:42:00 | 00,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:14:18 | 00,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/04/08 09:56:30 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/04 12:49:02 | 00,892,928 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.6
FF - prefs.js..extensions.enabledItems: {6E50D81E-BD82-4E2B-A39F-BDE48DFD579F}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E50D81E-BD82-4E2B-A39F-BDE48DFD579F}: C:\Documents and Settings\Ryan\Local Settings\Application Data\{6E50D81E-BD82-4E2B-A39F-BDE48DFD579F} [2010/01/18 09:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 21:15:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 21:15:55 | 00,000,000 | ---D | M]

[2009/12/03 12:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
[2010/01/23 19:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1o32jd03.default\extensions
[2009/12/11 18:24:11 | 00,000,000 | ---D | M] (Remove It Permanently) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1o32jd03.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2010/01/17 08:29:16 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\1o32jd03.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/03 12:04:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/19 02:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 02:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll

O1 HOSTS File: ([2010/01/18 11:53:56 | 00,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12872 more lines...
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Bqegub] C:\WINDOWS\inuladolequfiraw.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/02 21:45:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b1832fed-fa64-11de-ba27-001fd081fbc0}\Shell\AutoRun\command - "" = L:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/02 21:45:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2010/01/24 08:47:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Logs
[2010/01/24 08:27:49 | 80,328,144 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ryan\Desktop\avg_free_stf_en_90_730a1834.exe
[2010/01/23 19:21:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Misc
[2010/01/22 23:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Nero 9.4.26.0 multilanguage
[2010/01/22 17:21:11 | 00,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2010/01/22 17:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\My ISO Files
[2010/01/22 17:21:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2010/01/18 10:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
[2010/01/18 10:20:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/18 10:20:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/18 10:20:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/18 10:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/18 10:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Cleanup
[2010/01/18 10:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/18 10:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/18 10:09:34 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2010/01/18 10:09:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/18 09:59:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\{6E50D81E-BD82-4E2B-A39F-BDE48DFD579F}
[2010/01/18 09:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/17 12:00:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Myco
[2010/01/17 08:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\2xtreme
[2010/01/17 08:32:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\dwhelper
[2010/01/16 17:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\QuickPar
[2010/01/16 09:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2010/01/16 09:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/01/16 09:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\CD
[2010/01/16 08:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Amazon
[2010/01/16 08:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/01/15 21:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Updater
[2010/01/15 19:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\Frame
[2010/01/14 21:15:57 | 00,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2010/01/12 20:14:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/01/11 18:56:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\AdobeUM
[2010/01/11 18:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\My eBooks
[2010/01/11 16:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2009/12/09 05:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2009/12/05 09:52:00 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ryan\Application Data\pcouffin.sys
[2009/12/02 21:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/02 21:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/02 21:45:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/02 21:45:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/11/24 10:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 14 Days ==========

[2010/01/24 08:51:57 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Ryan\NTUSER.DAT
[2010/01/24 08:51:06 | 00,000,098 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Malware and Spyware Cleaning Guide.URL
[2010/01/24 08:45:06 | 00,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/01/24 08:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 08:45:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/24 08:41:28 | 80,328,144 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ryan\Desktop\avg_free_stf_en_90_730a1834.exe
[2010/01/24 08:40:56 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Okavimonobapuy.dat
[2010/01/24 08:40:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Wxoresiqaquzuw.bin
[2010/01/24 08:28:34 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUser.dat
[2010/01/23 22:58:16 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 22:58:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/23 14:46:02 | 00,000,095 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\AVG Forums - How To Clean An Infected Computer.URL
[2010/01/23 14:01:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 17:16:36 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Ryan\default.pls
[2010/01/18 20:26:15 | 19,593,422 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\TVersityProSetup_1_7_4.exe
[2010/01/18 15:25:31 | 00,000,354 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to My Music.lnk
[2010/01/18 12:15:29 | 00,000,381 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to Newzbin Downloads.lnk
[2010/01/18 09:57:54 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 09:56:31 | 00,000,217 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/18 09:56:30 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/17 14:43:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/17 11:14:28 | 00,001,041 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\vso_ts_preview.xml
[2010/01/17 11:13:49 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\inst.exe
[2010/01/17 11:13:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Ryan\Application Data\pcouffin.sys
[2010/01/17 11:13:49 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.cat
[2010/01/17 11:13:49 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.inf
[2010/01/17 08:40:08 | 07,774,720 | ---- | M] () -- C:\WINDOWS\ffmpeg.exe
[2010/01/15 17:22:26 | 00,000,062 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Phil Shane on the Web.URL
[2010/01/12 20:51:02 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/01/12 20:49:22 | 06,436,294 | -H-- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\IconCache.db
[2010/01/12 20:14:24 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/11 16:35:16 | 00,000,407 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to My Pictures.lnk
[2010/01/11 16:33:23 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/11 16:33:12 | 00,000,001 | ---- | M] () -- C:\Documents and Settings\Ryan\a
[2010/01/11 16:30:23 | 00,646,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/01/24 08:51:06 | 00,000,098 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Malware and Spyware Cleaning Guide.URL
[2010/01/24 08:28:34 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUser.dat
[2010/01/23 14:24:35 | 00,000,095 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\AVG Forums - How To Clean An Infected Computer.URL
[2010/01/18 19:51:28 | 19,593,422 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\TVersityProSetup_1_7_4.exe
[2010/01/18 15:25:31 | 00,000,354 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to My Music.lnk
[2010/01/18 12:15:29 | 00,000,381 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to Newzbin Downloads.lnk
[2010/01/18 09:59:36 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Okavimonobapuy.dat
[2010/01/18 09:59:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wxoresiqaquzuw.bin
[2010/01/18 09:57:54 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 09:56:31 | 00,000,217 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/18 09:56:07 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/18 09:13:43 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Ryan\default.pls
[2010/01/17 08:38:46 | 07,774,720 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2010/01/15 17:22:26 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Phil Shane on the Web.URL
[2010/01/12 20:51:02 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/01/12 20:14:24 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/11 16:35:16 | 00,000,407 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Shortcut to My Pictures.lnk
[2010/01/11 16:33:23 | 00,000,951 | ---- | C] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/01/11 16:30:23 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/22 07:55:24 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/14 05:44:53 | 00,001,041 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\vso_ts_preview.xml
[2009/12/13 11:32:31 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/13 11:17:23 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/13 09:45:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/11 17:34:44 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 09:52:06 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.log
[2009/12/05 09:52:00 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\inst.exe
[2009/12/05 09:52:00 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.cat
[2009/12/05 09:52:00 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\pcouffin.inf
[2009/12/03 09:07:07 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/02 21:51:19 | 00,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/12/19 06:15:58 | 04,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 08:41:18 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 08:22:58 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 08:22:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 08:17:34 | 00,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 07:59:54 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 02:27:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/14 04:00:00 | 00,173,056 | ---- | C] () -- C:\WINDOWS\inuladolequfiraw.dll
[2004/10/03 08:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/22 21:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2009/12/09 05:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/12/21 08:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/12/04 06:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/15 21:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/13 11:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Add-in Express
[2010/01/16 08:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Amazon
[2010/01/16 23:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2010/01/09 13:10:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2010/01/05 18:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\NewsLeecher
[2010/01/17 10:21:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uTorrent
[2010/01/17 11:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/06/09 10:22:19 | 17,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/06/09 10:22:19 | 17,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 22:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 22:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/13 22:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E5F54029E5CEBA47
< End of report >


OTL Extras logfile created on: 1/24/2010 8:51:18 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Ryan\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 52.51 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
Drive D: | 279.47 Gb Total Space | 243.23 Gb Free Space | 87.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 596.17 Gb Total Space | 362.86 Gb Free Space | 60.86% Space Free | Partition Type: NTFS

Computer Name: PC1
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mpxu.exe" = C:\WINDOWS\system32\mpxu.exe:*:Enabled:mpxu -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7452472E-FC85-4AEB-8B67-24C63ECCF5C8}" = LeapFrog Leapster2 Plugin
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7F064652-9F57-4BF3-8124-94AEC7533F2F}" = LeapFrog Didj Plugin
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B1D8CAE1-62E8-4259-8B57-1755629F71EC}" = Diskeeper 2007 Pro Premier
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.0.1.0
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AnyDVD" = AnyDVD
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DidjPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
"DownTubeMe 2010 Plus" = DownTubeMe 2010 Plus
"EOS Utility" = Canon Utilities EOS Utility
"foobar2000" = foobar2000 v1.0
"HijackThis" = HijackThis 2.0.2
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickPar" = QuickPar 0.9
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Trim Spaces for Microsoft Excel_is1" = Trim Spaces for Microsoft Excel 1.1
"UltraISO_is1" = UltraISO Premium V9.2
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2009 10:46:26 PM | Computer Name = RYAN-D1BDC364D4 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003 (KB953432): OUTLOOK' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 12/14/2009 11:38:27 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:32 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:33 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:39 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:40 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:40 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/14/2009 11:38:41 PM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/15/2009 12:55:45 AM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/15/2009 12:56:42 AM | Computer Name = RYAN-D1BDC364D4 | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.1.2.34, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ System Events ]
Error - 12/14/2009 10:43:53 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Works Suite 2005 (KB943973).

Error - 12/14/2009 10:44:04 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office Outlook 2003 (KB945432).

Error - 12/14/2009 10:44:21 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office 2003 (KB953404).

Error - 12/14/2009 10:44:28 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office Publisher 2003 (KB950213).

Error - 12/14/2009 10:44:40 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office Word 2003 (KB954464).

Error - 12/14/2009 10:44:56 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Office 2003 (KB954478).

Error - 12/14/2009 10:46:01 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office Excel 2003 (KB955466).

Error - 12/14/2009 10:46:10 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB976882).

Error - 12/14/2009 10:46:20 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Update for Office 2003 (KB907417).

Error - 12/14/2009 10:46:31 PM | Computer Name = RYAN-D1BDC364D4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Update for Microsoft Office Outlook 2003 (KB953432).


< End of report >


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:05 AM, on 1/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Ryan\Desktop\Cleanup\OTL.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper...mp;Platform=x86
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bqegub] rundll32.exe "C:\WINDOWS\inuladolequfiraw.dll",Startup
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 5941 bytes


Edited by mycotopian, 24 January 2010 - 11:04 AM.


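The logs above carry the indicators a helper reads for first: the O10 "Unknown file in Winsock LSP" lines for helper32.dll, the O4 Run entry that has rundll32.exe load a random-named DLL from the Windows root, the Security Center "AntiVirusOverride" = 1 setting, a firewall exception for a binary that no longer exists (mpxu.exe), and the alternate data stream on C:\WINDOWS. As an added example (not part of the original post and not code from HijackThis or OTL), here is a small Python triage script that applies those checks to log lines of this shape. SAMPLE_LOG is a constructed subset of lines copied from the posted logs; the rule names, the SYSTEM_ROOT value and the heuristics themselves are assumptions made for illustration, not the tools' own logic.

```python
"""Triage of HijackThis / OTL log lines for the indicators visible in this thread.

Added example, not part of the original post and not the tools' own code.
SAMPLE_LOG is a constructed subset of lines copied from the logs posted above;
rule names and heuristics are assumptions made for illustration.
Assumes the Windows XP layout where %SystemRoot% is C:\\WINDOWS.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis and OTL Extras logs in
# the post, plus benign neighbours so the rules have something to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bqegub] rundll32.exe "C:\WINDOWS\inuladolequfiraw.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"C:\WINDOWS\system32\mpxu.exe" = C:\WINDOWS\system32\mpxu.exe:*:Enabled:mpxu -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E5F54029E5CEBA47
"""

SYSTEM_ROOT = r"c:\windows"  # assumption: XP default, compared lower-cased

RE_O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$", re.I)
RE_O4_RUNDLL = re.compile(
    r'^O4 - .*?\[(?P<name>[^\]]+)\]\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
RE_SC_OVERRIDE = re.compile(
    r'^"(?P<key>AntiVirusOverride|FirewallOverride)"\s*=\s*(?P<val>\d+)', re.I)
RE_FW_MISSING = re.compile(r'^"(?P<path>[^"]+)"\s*=.*--\s*File not found\s*$', re.I)
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name
    detail: str  # the path / key the rule fired on
    line: str    # the log line as read


def parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path, without trailing backslash."""
    p = path.strip().lower().rstrip("\\")
    return p.rsplit("\\", 1)[0] if "\\" in p else ""


def triage(log_text: str) -> list:
    """Apply the rules line by line; returns one Finding per hit, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_O10.match(line):
            # HijackThis prints one O10 line per LSP catalog entry (the same DLL
            # is typically registered for more than one provider), so a repeat
            # of the same path is expected and each entry must be removed.
            findings.append(Finding("winsock-lsp-unknown", m["path"], line))
        elif m := RE_O4_RUNDLL.match(line):
            # rundll32 hosting a vendor DLL under system32 is normal; a DLL that
            # sits directly in %SystemRoot% is not where installers put code.
            if parent_dir(m["dll"]) == SYSTEM_ROOT:
                findings.append(Finding("rundll32-dll-in-windows-root", m["dll"], line))
        elif m := RE_SC_OVERRIDE.match(line):
            # Override = 1 tells Security Center to stop monitoring that product
            # class, so a missing or disabled AV no longer raises an alert.
            if m["val"] == "1":
                findings.append(Finding("security-center-override", m["key"], line))
        elif m := RE_FW_MISSING.match(line):
            # A firewall exception for a binary that no longer exists is the
            # trace of something that added itself and was later removed or renamed.
            findings.append(Finding("firewall-exception-missing-file", m["path"], line))
        elif m := RE_ADS.match(line):
            # OTL only lists streams it considers worth a look; surface them.
            findings.append(Finding("alternate-data-stream", m["target"], line))
    return findings


def summarize(findings) -> dict:
    """Count of hits per rule, e.g. {'winsock-lsp-unknown': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.rule:34} {f.detail}")
    print(summarize(hits))
```

Run as-is the script prints five rule hits for the sample (two O10 entries, the rundll32 Run key, the Security Center override, the orphaned firewall exception and the stream), and nothing for the NVIDIA, ctfmon and uTorrent lines. The rules are deliberately narrow: they flag what the reply below removes (the LSP DLL and the Run key), not anything that merely looks unfamiliar.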

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hi,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Download SysRestorePoint to your desktop and unzip it to its own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.



Step 2: The fix



A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of helper32.dll or winhelper86.dll
  • Select every instance of helper32.dll or winhelper86.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="explorer.exe"
    "Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    
    :Files
    %HOMEDRIVE%\Internet Security 2010.lnk /s
    
    :Commands
    [purity]
    [CREATERESTOREPOINT] 
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it won't take long.




1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to delete:
%systemroot%\System32\winlogon32.exe
%systemroot%\System32\smss32.exe
%systemroot%\System32\AVR10.exe
%systemroot%\System32\helper32.dll
%systemroot%\System32\winlogon32.exe
%systemroot%\System32\smss32.exe
%systemroot%\System32\warning.html
%systemroot%\system32\IS15.exe
%systemroot%\System32\winhelper86.dll
%HOMEDRIVE%\trhh.exe
%HOMEDRIVE%\sdigdvmg.exe
%HOMEDRIVE%\wgqi.exe
%HOMEDRIVE%\byyk.exe
%systemroot%\lsass.exe 
%systemroot%\odbn0.exe
%systemroot%\System32\sdra64.exe
%systemroot%\System32\41.exe
%systemroot%\System32\153.exe
%systemroot%\System32\292.exe
%systemroot%\System32\491.exe
%systemroot%\System32\1869.exe
%systemroot%\system32\2876.exe
%systemroot%\System32\2995.exe
%systemroot%\System32\3902.exe
%systemroot%\System32\4827.exe
%systemroot%\System32\5436.exe
%systemroot%\System32\5447.exe
%systemroot%\System32\5705.exe
%systemroot%\System32\6334.exe
%systemroot%\System32\7376.exe
%systemroot%\System32\9961.exe
%systemroot%\System32\11478.exe
%systemroot%\System32\11538.exe
%systemroot%\System32\11942.exe
%systemroot%\System32\12382.exe
%systemroot%\system32\12662.exe
%systemroot%\System32\13931.exe
%systemroot%\system32\14070.exe
%systemroot%\System32\14604.exe
%systemroot%\System32\14771.exe
%systemroot%\System32\15724.exe
%systemroot%\System32\16827.exe
%systemroot%\System32\16944.exe
%systemroot%\system32\17125.exe
%systemroot%\System32\17421.exe
%systemroot%\System32\18467.exe
%systemroot%\System32\18716.exe
%systemroot%\System32\19169.exe
%systemroot%\System32\19718.exe
%systemroot%\System32\19895.exe
%systemroot%\system32\19905.exe
%systemroot%\System32\19912.exe
%systemroot%\system32\21386.exe
%systemroot%\System32\21726.exe
%systemroot%\system32\22934.exe
%systemroot%\System32\23281.exe
%systemroot%\system32\24242.exe
%systemroot%\System32\24464.exe
%systemroot%\system32\24478.exe
%systemroot%\System32\26308.exe
%systemroot%\System32\26500.exe
%systemroot%\System32\26962.exe
%systemroot%\system32\27213.exe
%systemroot%\System32\28145.exe
%systemroot%\system32\28466.exe
%systemroot%\System32\29358.exe
%systemroot%\System32\32391.exe
%systemroot%\System32\32439.exe
%systemroot%\system32\ndisdrv.sys
%HOMEDRIVE%\s
%systemroot%\system32\kbdsock.dll
%systemroot%\system32\mshlps.dll 
%systemroot%\system32\drivers\kdrhkukb.sys 

Folders to delete:
%PROGRAMFILES%\InternetSecurity2010
%systemroot%\System32\lowsec

Drivers to delete:
lmuytnv
ndisdrv
qvazdxe

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


Time for one final scan


Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Reboot your PC and see if the infection is gone.



The infection should hopefully be removed after these steps.
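For readers who want to verify the same persistence points the fix above repairs (the Winsock LSP chain behind the O10 lines, the Winlogon Shell/Userinit values and DisableTaskMgr policy that the OTL :Reg section resets, and the service binaries behind the O23 lines), here is an added audit script. It is not part of the post and is not code from LSPFix, OTL, The Avenger or HijackThis. It assumes a current Windows host with PowerShell 3.0 or later, an elevated session, and English-language netsh output (the "Provider Path:" label it matches on); the function and variable names are the example's own.

```powershell
# Added audit example, not part of the forum post or of LSPFix/OTL/The Avenger.
# It reads the persistence points the fix above repairs and reports anything that
# deviates from the expected state. Assumes a current Windows host, PowerShell 3.0
# or later, an elevated session and English netsh output.

$expectedShell    = 'explorer.exe'
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"   # the trailing comma is the default

# Helper: a file is fine if it exists and carries a valid Authenticode signature.
# Returns MISSING, Valid, NotSigned, HashMismatch, ... as a string.
function Get-FileStatus([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    return [string](Get-AuthenticodeSignature -FilePath $Path).Status
}

# Winsock LSP chain: the counterpart of the HijackThis O10 lines.
# netsh prints one "Provider Path:" line per catalog entry; expand %SystemRoot% etc.
function Test-LspCatalog {
    $paths = netsh winsock show catalog | ForEach-Object {
        if ($_ -match '^\s*Provider Path:\s*(.+?)\s*$') {
            [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    } | Sort-Object -Unique
    foreach ($p in $paths) {
        [pscustomobject]@{ Check = 'WinsockLSP'; Item = $p; Status = (Get-FileStatus $p) }
    }
}

# Winlogon Shell/Userinit and the DisableTaskMgr policy: the values the OTL :Reg section resets.
# PowerShell's -eq on strings is case-insensitive, so C:\WINDOWS and C:\Windows both match.
function Test-Winlogon {
    $wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [pscustomobject]@{ Check = 'Winlogon\Shell'; Item = $wl.Shell
                       Status = $(if ($wl.Shell -eq $expectedShell) { 'OK' } else { 'SUSPECT' }) }
    [pscustomobject]@{ Check = 'Winlogon\Userinit'; Item = $wl.Userinit
                       Status = $(if ($wl.Userinit -eq $expectedUserinit) { 'OK' } else { 'SUSPECT' }) }
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        # Absent key or value is the normal state; 1 means Task Manager is disabled by policy.
        $v = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        [pscustomobject]@{ Check = "$hive DisableTaskMgr"
                           Item = $(if ($null -eq $v) { '<absent>' } else { $v })
                           Status = $(if ($v -eq 1) { 'SUSPECT' } else { 'OK' }) }
    }
}

# Service binaries: the counterpart of the O23 lines ("Unknown owner" there means
# HijackThis could not attribute the file to a vendor).
function Test-ServiceBinaries {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        # PathName may be quoted and may carry arguments; keep only the executable.
        $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
               elseif ($svc.PathName -match '^(.+?\.exe)') { $Matches[1] }
               else { $svc.PathName }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        [pscustomobject]@{ Check = "Service:$($svc.Name)"; Item = $exe; Status = (Get-FileStatus $exe) }
    }
}

$report = @(Test-LspCatalog) + @(Test-Winlogon) + @(Test-ServiceBinaries)
# Show only rows that need a human's attention; a clean box prints an empty table.
$report | Where-Object { $_.Status -notin 'OK', 'Valid' } | Format-Table -AutoSize
```

A row marked MISSING, NotSigned or SUSPECT is a lead, not a verdict: older third-party LSPs and service binaries are frequently unsigned, so compare the reported path against what the HijackThis log shows and against the vendor's own install location before removing anything. If a Winlogon value is flagged, the OTL :Reg block in the post above is the reset that puts it back to the default.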

#3
mycotopian

mycotopian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
That did the trick. THANK YOU!

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
