
Google Redirect, can't run system restore, regedit, or any anti-ma



#1
bskier13

+++ Don't bother - reinstalled xp, and all is resolved +++

I, too, am new to this forum, and I'm having issues with symptoms very similar to the ones described in the following topic.

http://www.geekstogo...re-t250386.html

I took the advice and downloaded Win32kDiag.exe. I try to run the following command ("%userprofile%\desktop\win32kdiag.exe" -f -r) through the Start menu, but I just get the hourglass to blip up for a second, then nothing. This is the same response I get when trying to run anything through the Start-Run command line.

I can't run Malwarebytes, which I've had success with in the past, and I downloaded AVG, which was able to perform a scan and eliminated the incessant fake Anti-Virus popups, but now that won't run either.

I also can't boot in safe mode without an error. I'm nearing the point where I just reformat, but I'd rather not.

Any ideas? Seems like if I could force a system restore, then I could get beyond this, but I don't know a way to run it.

I appreciate any help!

Thanks!

I've since run Root Repeal and OTL, and have included these logs:

######################### ROOT REPEAL ###############################

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 21:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF59D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BA4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED4F2000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF892C000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF7A44000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf86f61a0

==EOF==


############################ OTL ####################################

OTL logfile created on: 8/27/2009 9:08:05 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ben\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.40 Mb Total Physical Memory | 260.20 Mb Available Physical Memory | 50.88% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.17 Gb Total Space | 14.19 Gb Free Space | 27.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEHRIG
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2004/03/04 12:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2004/03/04 12:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2009/08/24 19:27:49 | 00,163,840 | ---- | M] () -- C:\WINDOWS\svchast.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/24 21:51:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/04/30 18:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/23 22:43:11 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2009/08/24 21:51:32 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 21:51:32 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 21:06:42 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 19:27:49 | 00,163,840 | ---- | M] () -- C:\WINDOWS\svchast.exe -- (AntipPro2009_100 [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2009/08/24 21:51:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/04/30 18:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/05/23 22:43:11 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - File not found -- -- (comHost [On_Demand | Stopped])
SRV - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - File not found -- -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2004/03/04 12:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2007/11/28 20:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - File not found -- -- (OpcEnum [On_Demand | Stopped])
SRV - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - File not found -- -- (Symantec Core LC [On_Demand | Stopped])
SRV - File not found -- -- (SymAppCore [Auto | Stopped])
SRV - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mlb.mlb.com/index.jsp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - URLSearchHook: _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\tajf83ikdmf.dll) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\tajf83ikdmf.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Adware Professional] C:\Program Files\Adware Professional\Adware Professional.exe ()
O4 - HKCU..\Run: [braviax] C:\WINDOWS\System32\braviax.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows System Recover!] C:\DOCUME~1\Ben\LOCALS~1\Temp\winlogon.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://employee.nat...perSetupSP1.cab (Reg Error: Key error.)
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} http://xmro.xmradio..../xmprofiler.CAB (XMRADIO.XM_SystemProfiler)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.dat\Extensio.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - C:\WINDOWS\System32\tapi.nfo ()
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O22 - SharedTaskScheduler: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - ghya673gidh87we9inkff - C:\WINDOWS\System32\tajf83ikdmf.dll ()
O22 - SharedTaskScheduler: ThreadingModel - Apartment - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/12/17 21:16:54 | 00,008,932 | ---- | C] () -- C:\WINDOWS\56ebspywarz1029.bin
[2009/12/08 01:08:08 | 00,017,941 | ---- | C] () -- C:\WINDOWS\System32\c65addw5r92880z.bin
[2009/12/04 20:19:46 | 00,011,230 | ---- | C] () -- C:\WINDOWS\System32\9935s5yze1.bin
[2009/12/04 17:16:07 | 00,012,023 | ---- | C] () -- C:\WINDOWS\System32\4356zpa9bot54c.bin
[2009/11/28 03:16:17 | 00,003,633 | ---- | C] () -- C:\WINDOWS\25885no9-z-virus50f5.bin
[2009/11/21 11:41:33 | 00,018,208 | ---- | C] () -- C:\WINDOWS\640cba5kdoor9941z.bin
[2009/11/19 21:52:59 | 00,010,674 | ---- | C] () -- C:\WINDOWS\System32\4fedste9l2z95.bin
[2009/11/13 19:42:00 | 00,005,520 | ---- | C] () -- C:\WINDOWS\System32\631c9pywzre559.bin
[2009/10/27 12:40:52 | 00,016,704 | ---- | C] () -- C:\WINDOWS\25z38worm395.bin
[2009/10/25 08:02:49 | 00,007,334 | ---- | C] () -- C:\WINDOWS\17c9ad9wa5e207z.bin
[2009/10/20 19:06:06 | 00,004,877 | ---- | C] () -- C:\WINDOWS\z5949virus905.bin
[2009/10/02 04:00:44 | 00,016,906 | ---- | C] () -- C:\WINDOWS\System32\b4cth5ez2954.bin
[2009/09/19 20:05:03 | 00,003,758 | ---- | C] () -- C:\WINDOWS\System32\1443zt9oj325.bin
[2009/09/18 15:03:49 | 00,016,638 | ---- | C] () -- C:\WINDOWS\System32\5aazspar9e2525.bin
[2009/09/17 05:55:19 | 00,014,412 | ---- | C] () -- C:\WINDOWS\4958backdzor596.bin
[2009/09/13 14:58:08 | 00,017,085 | ---- | C] () -- C:\WINDOWS\System32\5789orz7f15.bin
[2009/09/09 02:07:09 | 00,016,650 | ---- | C] () -- C:\WINDOWS\System32\23145spy49z.bin
[2009/09/03 07:51:14 | 00,003,619 | ---- | C] () -- C:\WINDOWS\System32\17941zo5m43.bin
[2009/08/27 21:06:38 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
[2009/08/27 21:02:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\settings.dat
[2009/08/27 21:02:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ben\Desktop\RootRepeal.exe
[2009/08/27 20:55:30 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ben\Desktop\mbam-setup13.exe
[2009/08/27 20:51:54 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ben\Desktop\mbam-setup22.exe
[2009/08/27 20:50:44 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ben\Desktop\erunt_setup.exe
[2009/08/27 20:44:23 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Ben\Desktop\SysRestorePoint.exe
[2009/08/27 20:43:30 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\TFC.exe
[2009/08/27 19:26:46 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\bo profile.zip
[2009/08/26 08:49:56 | 00,014,091 | ---- | C] () -- C:\WINDOWS\System32\1z194viru91235.bin
[2009/08/25 20:19:04 | 00,008,131 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\holiday_clipart_halloween.gif
[2009/08/25 20:07:02 | 00,074,629 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\bright tree.jpg
[2009/08/25 19:12:18 | 00,125,101 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\green foliage pic.jpg
[2009/08/25 15:20:17 | 00,101,376 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\reply_card.doc
[2009/08/25 12:12:41 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe
[2009/08/25 06:39:43 | 00,251,392 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\hijackthis_sfx.exe
[2009/08/25 01:49:46 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 23:02:24 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/24 22:28:45 | 00,008,550 | ---- | C] () -- C:\WINDOWS\System32\wispex.html
[2009/08/24 22:28:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/24 21:56:26 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/24 21:53:59 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\bincd32.dat
[2009/08/24 21:52:13 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/24 21:52:12 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/24 21:52:11 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/24 21:52:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/24 21:52:02 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/24 21:51:44 | 40,211,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/24 21:51:42 | 00,073,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/24 21:51:41 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/24 21:51:39 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/24 21:51:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/24 21:51:25 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/24 21:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/24 21:39:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\AVG8
[2009/08/24 21:07:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/08/24 21:07:32 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/08/24 20:33:41 | 00,687,104 | ---- | C] () -- C:\WINDOWS\is-FI9SA.exe
[2009/08/24 20:33:41 | 00,010,498 | ---- | C] () -- C:\WINDOWS\is-FI9SA.msg
[2009/08/24 20:33:41 | 00,000,380 | ---- | C] () -- C:\WINDOWS\is-FI9SA.lst
[2009/08/24 20:11:53 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Adware Professional.lnk
[2009/08/24 20:11:51 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Professional
[2009/08/24 19:33:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/08/24 19:30:38 | 00,348,329 | ---- | C] () -- C:\WINDOWS\System32\_scui.cpl
[2009/08/24 19:30:38 | 00,001,686 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\PC_Antispyware2010.lnk
[2009/08/24 19:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/08/24 19:27:50 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/24 19:27:50 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/24 19:27:49 | 00,489,472 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll
[2009/08/24 19:27:49 | 00,390,144 | ---- | C] () -- C:\WINDOWS\System32\desot.exe
[2009/08/24 19:27:49 | 00,163,840 | ---- | C] () -- C:\WINDOWS\svchast.exe
[2009/08/24 19:27:49 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/08/24 19:27:49 | 00,000,004 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/08/24 19:27:47 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Windows Antivirus Pro.lnk
[2009/08/24 19:27:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/24 19:24:43 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/24 19:24:43 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2009/08/24 19:24:38 | 00,011,264 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009/08/24 19:22:07 | 00,031,237 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/08/24 19:21:29 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\tapi.nfo
[2009/08/24 19:21:17 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/08/24 19:21:11 | 00,094,208 | ---- | C] () -- C:\jybmkssu.exe
[2009/08/24 19:20:35 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\tajf83ikdmf.dll
[2009/08/24 19:19:47 | 00,069,394 | ---- | C] () -- C:\sdlb.exe
[2009/08/24 19:19:46 | 00,190,745 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/24 19:19:46 | 00,020,992 | ---- | C] () -- C:\lcbckjms.exe
[2009/08/24 19:19:43 | 00,000,002 | -HS- | C] () -- C:\750087425
[2009/08/24 19:19:42 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/24 19:19:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/24 19:19:36 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/08/24 13:12:22 | 00,003,202 | ---- | C] () -- C:\WINDOWS\System32\95fadownloazer735.bin
[2009/08/24 10:04:11 | 00,009,870 | ---- | C] () -- C:\WINDOWS\System32\2z650vi5us792.bin
[2009/08/23 16:12:03 | 00,041,538 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\silhouette-tree.gif
[2009/08/23 14:31:54 | 00,027,472 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 08:36:35 | 00,000,388 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Downloads.lnk
[2009/08/22 08:38:29 | 01,283,835 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\DB_082109.zip
[2009/08/14 18:54:08 | 00,139,776 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Directions & Accomodations.ppt
[2009/08/14 18:20:37 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\Direction Sheet.doc

========== Files - Modified Within 14 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/12/17 21:16:54 | 00,008,932 | ---- | M] () -- C:\WINDOWS\56ebspywarz1029.bin
[2009/12/08 01:08:08 | 00,017,941 | ---- | M] () -- C:\WINDOWS\System32\c65addw5r92880z.bin
[2009/12/04 20:19:46 | 00,011,230 | ---- | M] () -- C:\WINDOWS\System32\9935s5yze1.bin
[2009/12/04 17:16:07 | 00,012,023 | ---- | M] () -- C:\WINDOWS\System32\4356zpa9bot54c.bin
[2009/11/28 03:16:17 | 00,003,633 | ---- | M] () -- C:\WINDOWS\25885no9-z-virus50f5.bin
[2009/11/21 11:41:33 | 00,018,208 | ---- | M] () -- C:\WINDOWS\640cba5kdoor9941z.bin
[2009/11/19 21:52:59 | 00,010,674 | ---- | M] () -- C:\WINDOWS\System32\4fedste9l2z95.bin
[2009/11/13 19:42:00 | 00,005,520 | ---- | M] () -- C:\WINDOWS\System32\631c9pywzre559.bin
[2009/10/27 12:40:52 | 00,016,704 | ---- | M] () -- C:\WINDOWS\25z38worm395.bin
[2009/10/25 08:02:49 | 00,007,334 | ---- | M] () -- C:\WINDOWS\17c9ad9wa5e207z.bin
[2009/10/20 19:06:06 | 00,004,877 | ---- | M] () -- C:\WINDOWS\z5949virus905.bin
[2009/10/02 04:00:44 | 00,016,906 | ---- | M] () -- C:\WINDOWS\System32\b4cth5ez2954.bin
[2009/09/19 20:05:03 | 00,003,758 | ---- | M] () -- C:\WINDOWS\System32\1443zt9oj325.bin
[2009/09/18 15:03:49 | 00,016,638 | ---- | M] () -- C:\WINDOWS\System32\5aazspar9e2525.bin
[2009/09/17 05:55:19 | 00,014,412 | ---- | M] () -- C:\WINDOWS\4958backdzor596.bin
[2009/09/13 14:58:08 | 00,017,085 | ---- | M] () -- C:\WINDOWS\System32\5789orz7f15.bin
[2009/09/09 02:07:09 | 00,016,650 | ---- | M] () -- C:\WINDOWS\System32\23145spy49z.bin
[2009/09/03 07:51:14 | 00,003,619 | ---- | M] () -- C:\WINDOWS\System32\17941zo5m43.bin
[2009/08/27 21:17:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/27 21:06:42 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
[2009/08/27 21:02:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\settings.dat
[2009/08/27 21:02:24 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ben\Desktop\RootRepeal.exe
[2009/08/27 20:56:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/27 20:55:41 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ben\Desktop\mbam-setup13.exe
[2009/08/27 20:52:04 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ben\Desktop\mbam-setup22.exe
[2009/08/27 20:50:51 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ben\Desktop\erunt_setup.exe
[2009/08/27 20:50:23 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Ben\Desktop\SysRestorePoint.exe
[2009/08/27 20:48:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 20:47:49 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/08/27 20:47:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 20:47:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 20:47:07 | 53,630,9760 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/27 20:46:56 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/27 20:46:56 | 00,011,264 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009/08/27 20:46:56 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/27 20:46:56 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2009/08/27 20:43:35 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\TFC.exe
[2009/08/27 19:26:47 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\bo profile.zip
[2009/08/27 19:17:20 | 40,211,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/27 19:16:06 | 00,073,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/26 08:49:56 | 00,014,091 | ---- | M] () -- C:\WINDOWS\System32\1z194viru91235.bin
[2009/08/25 20:18:52 | 00,008,131 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\holiday_clipart_halloween.gif
[2009/08/25 20:06:33 | 00,074,629 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\bright tree.jpg
[2009/08/25 19:11:40 | 00,125,101 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\green foliage pic.jpg
[2009/08/25 15:20:17 | 00,101,376 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\reply_card.doc
[2009/08/25 12:12:44 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe
[2009/08/25 06:39:44 | 00,251,392 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\hijackthis_sfx.exe
[2009/08/25 06:31:00 | 00,390,144 | ---- | M] () -- C:\WINDOWS\System32\desot.exe
[2009/08/25 06:31:00 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/08/25 06:31:00 | 00,000,004 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/08/25 06:23:13 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/25 04:50:07 | 00,489,472 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\dddesot.dll
[2009/08/25 01:49:46 | 00,000,030 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/24 21:56:52 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\bincd32.dat
[2009/08/24 21:52:13 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/24 21:52:12 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/24 21:52:11 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/24 21:52:04 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/24 21:52:02 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/24 21:51:42 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/24 21:51:41 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/24 20:59:12 | 00,348,329 | ---- | M] () -- C:\WINDOWS\System32\_scui.cpl
[2009/08/24 20:33:41 | 00,687,104 | ---- | M] () -- C:\WINDOWS\is-FI9SA.exe
[2009/08/24 20:33:41 | 00,010,498 | ---- | M] () -- C:\WINDOWS\is-FI9SA.msg
[2009/08/24 20:33:41 | 00,000,380 | ---- | M] () -- C:\WINDOWS\is-FI9SA.lst
[2009/08/24 20:11:53 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Adware Professional.lnk
[2009/08/24 19:30:38 | 00,001,686 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\PC_Antispyware2010.lnk
[2009/08/24 19:27:50 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/24 19:27:50 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/24 19:27:49 | 00,163,840 | ---- | M] () -- C:\WINDOWS\svchast.exe
[2009/08/24 19:27:47 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Windows Antivirus Pro.lnk
[2009/08/24 19:21:17 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/08/24 19:21:15 | 00,094,208 | ---- | M] () -- C:\jybmkssu.exe
[2009/08/24 19:21:11 | 00,000,002 | -HS- | M] () -- C:\750087425
[2009/08/24 19:20:35 | 00,031,237 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/08/24 19:20:35 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\tajf83ikdmf.dll
[2009/08/24 19:19:48 | 00,190,745 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/24 19:19:48 | 00,069,394 | ---- | M] () -- C:\sdlb.exe
[2009/08/24 19:19:47 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\tapi.nfo
[2009/08/24 19:19:47 | 00,020,992 | ---- | M] () -- C:\lcbckjms.exe
[2009/08/24 19:19:41 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/24 19:19:41 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/24 19:19:36 | 00,077,824 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/08/24 13:12:22 | 00,003,202 | ---- | M] () -- C:\WINDOWS\System32\95fadownloazer735.bin
[2009/08/24 10:04:11 | 00,009,870 | ---- | M] () -- C:\WINDOWS\System32\2z650vi5us792.bin
[2009/08/23 16:11:45 | 00,041,538 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\silhouette-tree.gif
[2009/08/23 15:50:28 | 00,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 14:38:26 | 00,027,472 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 08:37:02 | 00,000,388 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Downloads.lnk
[2009/08/22 08:38:36 | 01,283,835 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\DB_082109.zip
[2009/08/14 19:29:00 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Directions.ppt
[2009/08/14 19:28:57 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Directions & Accomodations.ppt
[2009/08/14 19:27:46 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\Direction Sheet.doc
[2009/08/13 23:40:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/08/24 21:51:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/28 20:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/05/02 19:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2005/08/05 15:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/01/23 21:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/09/26 21:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
[2005/08/05 15:02:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2005/08/05 15:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/03/01 00:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/11/20 21:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2004/08/11 18:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/02/02 19:33:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/24 21:39:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ben\Application Data
[2009/04/26 17:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\BitDefender
[2005/08/11 16:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\COREL
[2005/08/10 22:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\CyberLink
[2005/08/05 15:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Intel
[2009/03/02 07:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Juniper Networks
[2005/08/12 22:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Leadertech
[2005/09/15 22:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mathsoft
[2009/08/14 08:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Move Networks
[2007/01/10 20:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\OLYMPUS
[2009/02/05 07:51:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\TigerPlayer
[2006/01/02 20:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Toshiba
[2009/05/28 20:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\U3
[2007/02/02 19:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Viewpoint
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/27 20:47:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/27 21:17:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009/08/27 20:47:49 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/08/24 19:21:15 | 00,094,208 | ---- | M] () -- C:\jybmkssu.exe
[2009/08/24 19:19:47 | 00,020,992 | ---- | M] () -- C:\lcbckjms.exe
[2009/08/24 19:19:48 | 00,069,394 | ---- | M] () -- C:\sdlb.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,063,488 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[3 C:\WINDOWS\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ben\Desktop\MOV00641.MPG:SummaryInformation
< End of report >


############################ EXTRAS ###############################

OTL Extras logfile created on: 8/27/2009 9:08:05 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ben\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.40 Mb Total Physical Memory | 260.20 Mb Available Physical Memory | 50.88% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.17 Gb Total Space | 14.19 Gb Free Space | 27.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEHRIG
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\WINDOWS\System32\desot.exe ()
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"13761:TCP" = 13761:TCP:*:Enabled:BitComet 13761 TCP
"13761:UDP" = 13761:UDP:*:Enabled:BitComet 13761 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adware Professional 5.0_is1" = Adware Professional v5.0
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 1.07
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Diamond Mind Baseball version 9" = Diamond Mind Baseball version 9
"DMB version 9a patch" = DMB version 9a patch
"DMB version 9c patch" = DMB version 9c patch
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC_Antispyware2010" = PC Antispyware 2010
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Win Antivirus Pro" = Windows Antivirus Pro
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2009 7:54:54 PM | Computer Name = GEHRIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2009 9:03:21 AM | Computer Name = GEHRIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2009 5:48:50 PM | Computer Name = GEHRIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2009 4:22:59 PM | Computer Name = GEHRIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/5/2009 9:54:13 AM | Computer Name = GEHRIG | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....029037F096.crt>
with error: This operation returned because the timeout period expired.

Error - 8/5/2009 9:54:13 AM | Computer Name = GEHRIG | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....029037F096.crt>
with error: The specified server cannot perform the requested operation.

Error - 8/25/2009 6:54:59 AM | Computer Name = GEHRIG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 8/26/2009 8:10:45 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SRTSP SRTSPX SYMTDI

Error - 8/27/2009 7:15:44 PM | Computer Name = GEHRIG | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 7:21:34 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate Notice Service
service to connect.

Error - 8/27/2009 7:21:34 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 8/27/2009 7:21:34 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 8/27/2009 7:21:34 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SRTSP SRTSPX SYMTDI

Error - 8/27/2009 8:48:28 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate Notice Service
service to connect.

Error - 8/27/2009 8:48:28 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 8/27/2009 8:48:28 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 8/27/2009 8:48:28 PM | Computer Name = GEHRIG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SRTSP SRTSPX SYMTDI


< End of report >

Edited by bskier13, 30 August 2009 - 05:08 AM.
