
Need Help w/Problems Spawned by winupdate86.exe



#1
jscarpia

Hi Folks,

So, this is the first time I've really gotten nailed by a serious virus. I've used the pay version of AVG (I'm on 9.0 right now) and Spybot S&D/Tea Timer for years, and they've managed to keep the threats at bay.

But a few weeks ago, I think I hit an attack site while surfing the web via Firefox. AVG warned me right away, and I closed the window ASAP -- but something must have nailed me. Every so often, the ID Protection on AVG would switch itself off. I could switch it back on easily enough, so I thought maybe it was just the new version of AVG being buggy (I'd recently upgraded from 8.5).

Also, though I didn't notice it right away (I don't use search engines too often), I began to get redirected to weird sites when using Yahoo and/or Google. They weren't obviously spyware-like or porny, so I initially thought I was getting redirected b/c of dead/bad links...until I hit one site that triggered both AVG and Tea Timer's warning windows. Trying to sort out all the windows, I accidentally hit 'allow' on one of the prompts, allowing a program called winupdate86.exe to install and start wreaking havoc.

For starters, it disabled the taskmgr and hijacked my desktop replacing it with a graphic that 'warned' me that my computer had been infected and kept prompting me to download software to 'cure' it. I recognized that the prompts that it was feeding me were bogus, so I closed the windows and went right for Spybot S&D and the AVG total scan.

Spybot would fix some of the damage, killing files like Win32.agent.chh and bring the taskmgr back online, but I was still locked out of my desktop and getting alternating messages that I was infected by worm.win32.netsky and trojan spm/lx -- not sure if they were from the malware or from one of my programs.

And when I rebooted, everything would be messed up again, as if Spybot hadn't done anything.

AVG would remove a few more files, but things still stayed the same. And its fixes couldn't survive a restart either.

It was at this point that I started poking around the internet looking for solutions. I downloaded and ran a whole bunch of stuff including:

-FixIEDef -- Ran this in both regular and safe mode as a prelude to Fixwareout, it didn't seem to have any effect.

-FixWareout -- The Malware prevented me from running this in Safe Mode at first, telling me it was 'infected'. Running Spybot and an AVG scan, then rebooting into Safe Mode allowed me to run it there. It seemed to kill some of the registry stuff and the desktop hijack, but it would all come back when the program would force a reboot.

-FxNetsky -- No effect whatsoever. In fact it told me my computer was clean. Yeah, right.

-Windows Malicious Software Removal Tool -- Also useless, from what I could tell.

-Smitfraudfix.exe -- I really thought this might be the magic bullet, since the malware tried very hard to keep me from running it. I finally was able to run it by using Spybot S&D, then FixWareout -- but not rebooting, and then running it in Safe Mode. I do think this wound up killing some stuff, it got rid of the desktop graphic (though I was still locked out of modifying the desktop) and, after I ran it, I was able to kill a few more things with good ol' Spybot & AVG.

-Smitfraudfix.exe also freed up regedit, and I used it to poke around the registry looking for stuff that looked suspicious. I did delete a few files, but doing so seemed to have little effect.

-At this point, I came across malwarebytes in my search for help. I'd heard about it, but never used it before -- though by this time I was desperate. I downloaded it, ran it, and it killed a ton of nasty stuff. After rebooting it, all the bogus warnings were gone, my desktop was normal -- the only thing that still seemed off was that my clock was still in 24hr. mode. It had been in 12hr. mode before all this crap began.

-I also downloaded SuperAntiSpyware and started to run it, but as I was waiting for the scan to run, I came across a forum post elsewhere that mentioned that SAS had a lot of false positives and often killed important and benign files w/o asking for permission. Concerned, I aborted the scan about 5 minutes in.

-I ran AVG again. This time it snagged the winupdate86.exe files that started all this. I reset the ID protection, rebooted, ran full scans in malwarebytes and AVG, and they both came up clean.


Yay, right? Only I'm not so sure. A few things about the way my PC is functioning still worry me:

-My clock is still in 24hr. mode, and I don't know how/where to switch it back -- UPDATE: Managed to fix this bit myself (and ONLY this bit), pardon me for being such an idiot.

-I'm not sure if it's the malware, the programs I used to try and kill it, or my harebrained hunt through the registry files, but my Start Menu has been wrecked. Except for a small handful of programs, all the shortcuts that were there are gone. The programs are still there in my C drive, and appear to launch and function perfectly, but I can't seem to restore them to the Start Menu.

-Early on, the malware hijacked system restore and created a restore point right at the point of infection. I disabled SR in order to kill the malware, but even though the threat seems to be over all of my previous restore points are still gone.


So casting about the internet in search of more info, I found you guys -- and really, really wished I had come across you sooner.

Still here? Cool, thanks very much for that. Now per the forum instructions, here's what I've done:

1) Ran TFC
2) Ran SysRestorePoint
3) Ran ERUNT
4) Ran a Quick Scan w/Malwarebytes
5) Tried to run RootRepeal -- but it hung on the 'initializing' screen. It was causing my system resources and pagefile usage to spike to VERY high levels, so I went into tskmgr and killed it.
6) Ran OTL

Here's my mbam log:

Malwarebytes' Anti-Malware 1.42
Database version: 3338
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/10/2009 3:59:17 PM
mbam-log-2009-12-10 (15-59-17).txt

Scan type: Quick Scan
Objects scanned: 118097
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here's my OTL log:

OTL logfile created on: 12/10/2009 6:41:00 PM - Run 1
OTL by OldTimer - Version 3.1.15.0 Folder = C:\Documents and Settings\[REDACTED]\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.10 Gb Paging File | 2.55 Gb Available in Paging File | 82.20% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.55 Gb Total Space | 40.35 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive D: | 51.22 Gb Total Space | 49.27 Gb Free Space | 96.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDRIA
Current User Name: [REDACTED]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/10 18:37:21 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\OTL.exe
PRC - [2009/12/01 15:25:44 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/01 15:25:43 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/12 09:10:02 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 09:10:00 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/09 09:58:13 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/10/30 20:20:21 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/30 20:20:21 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/30 20:20:20 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/30 20:20:11 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/30 20:20:11 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/10/30 20:20:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/30 20:20:10 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/10/30 20:20:07 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/10/01 23:16:27 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 23:16:13 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/04/17 13:03:50 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/17 13:03:50 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/01/19 23:09:41 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2006/06/12 14:32:26 | 00,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2005/12/16 11:57:56 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/12/01 16:35:42 | 00,118,784 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2005/12/01 16:04:00 | 00,712,704 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2005/11/15 18:44:14 | 01,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 18:42:22 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2003/04/17 16:51:36 | 00,053,248 | ---- | M] (Sony Electronics, Inc) -- C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe
PRC - [2003/03/03 18:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/02/14 11:59:00 | 00,088,107 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/08/29 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2002/08/20 09:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/10 18:37:21 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/01 15:25:43 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/09 09:58:13 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/10/30 20:20:11 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/30 20:20:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/30 20:20:07 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/10/01 23:16:27 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/04/17 13:03:50 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/01/07 20:13:00 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/09/11 10:34:41 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/12/01 16:35:42 | 00,118,784 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 08:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/25 16:39:02 | 00,262,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/19 20:02:38 | 00,675,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/19 20:02:38 | 00,675,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 16:03:24 | 00,536,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/03/03 18:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/10 12:11:12 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 12:11:12 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 10:01:22 | 00,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/11 00:11:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/09 22:06:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/08 14:32:10 | 00,000,000 | ---D | M]

[2009/03/30 21:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Mozilla\Extensions
[2009/03/30 21:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Mozilla\Extensions\[email protected]
[2009/12/10 16:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Mozilla\Firefox\Profiles\89gq6e9g.default\extensions
[2009/09/18 21:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Mozilla\Firefox\Profiles\89gq6e9g.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/08/12 14:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Mozilla\Firefox\Profiles\89gq6e9g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/10 16:09:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (23 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 199 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/..._4_0_03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 17:47:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/04/09 10:40:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/10 18:37:06 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\OTL.exe
[2009/12/10 18:14:24 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\[REDACTED]\Desktop\RootRepeal.exe
[2009/12/10 13:54:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/10 13:52:10 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\[REDACTED]\Desktop\erunt_setup.exe
[2009/12/10 13:50:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\[REDACTED]\Desktop\SysRestorePoint.exe
[2009/12/10 13:36:04 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\TFC.exe
[2009/12/10 07:19:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REDACTED]\Application Data\AVG9
[2009/12/10 06:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/10 04:57:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REDACTED]\Application Data\Malwarebytes
[2009/12/10 04:57:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/10 04:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/10 04:57:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/10 04:57:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/10 04:49:10 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\[REDACTED]\Desktop\mbam-setup.exe
[2009/12/10 04:16:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\[REDACTED]\Recent
[2009/12/10 00:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/12/10 00:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/10 00:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REDACTED]\Desktop\Proj1209
[2009/12/09 14:34:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REDACTED]\My Documents\Downloads
[2009/12/09 13:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\[REDACTED]\Desktop\NewCommz
[2009/12/04 01:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\EasyCapture
[2009/12/01 15:26:19 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/12/01 14:37:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/30 20:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/09 11:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/04/10 18:59:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/10 18:59:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/10 18:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/15 13:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2005/02/18 19:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/05/15 12:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[7 C:\Documents and Settings\[REDACTED]\My Documents\*.tmp files -> C:\Documents and Settings\[REDACTED]\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\[REDACTED]\*.tmp files -> C:\Documents and Settings\[REDACTED]\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/10 18:37:21 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\OTL.exe
[2009/12/10 18:14:27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\[REDACTED]\Desktop\RootRepeal.exe
[2009/12/10 15:56:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\prvlcl.dat
[2009/12/10 13:54:10 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\NTREGOPT.lnk
[2009/12/10 13:54:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\ERUNT.lnk
[2009/12/10 13:52:12 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\[REDACTED]\Desktop\erunt_setup.exe
[2009/12/10 13:50:09 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\[REDACTED]\Desktop\SysRestorePoint.exe
[2009/12/10 13:44:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/10 13:43:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 13:43:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 13:43:40 | 26,837,52448 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/10 13:40:29 | 18,350,080 | -H-- | M] () -- C:\Documents and Settings\[REDACTED]\NTUSER.DAT
[2009/12/10 13:40:29 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\[REDACTED]\ntuser.ini
[2009/12/10 13:36:06 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[REDACTED]\Desktop\TFC.exe
[2009/12/10 08:54:19 | 03,211,860 | -H-- | M] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\IconCache.db
[2009/12/10 08:40:33 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Shortcut to Photoshop.lnk
[2009/12/10 08:25:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/12/10 04:57:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/10 04:25:26 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\[REDACTED]\Desktop\mbam-setup.exe
[2009/12/10 04:20:18 | 07,392,800 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\SUPERAntiSpyware.exe
[2009/12/10 04:08:53 | 00,003,730 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/10 03:57:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/10 03:37:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/10 00:05:18 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/09 20:29:53 | 00,227,321 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Pinoy_Pugilist__Full_Costume_by_Taclobanon.jpg
[2009/12/09 14:39:19 | 46,426,991 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/09 14:38:59 | 00,122,895 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/09 14:35:38 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\CCleaner.lnk
[2009/12/07 15:42:50 | 00,807,907 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Dr S1.psd
[2009/12/05 14:18:57 | 04,556,689 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFEST.png
[2009/12/05 14:09:07 | 01,799,298 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFESB.jpg
[2009/12/05 14:08:20 | 01,749,966 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFES.jpg
[2009/12/05 13:53:24 | 33,741,734 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFES Pack.psd
[2009/12/05 00:24:03 | 00,546,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2009/12/04 18:32:58 | 00,261,607 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline 2 ES Colors Edits.jpg
[2009/12/04 01:18:02 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\EasyCapture.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 01:08:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/03 01:03:38 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/01 15:26:14 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/12/01 15:26:12 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/01 14:36:55 | 00,000,867 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/30 18:27:35 | 26,140,436 | ---- | M] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline_2_400_Colored.psd
[7 C:\Documents and Settings\[REDACTED]\My Documents\*.tmp files -> C:\Documents and Settings\[REDACTED]\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\[REDACTED]\*.tmp files -> C:\Documents and Settings\[REDACTED]\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/10 13:54:10 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\NTREGOPT.lnk
[2009/12/10 13:54:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\ERUNT.lnk
[2009/12/10 08:40:33 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Shortcut to Photoshop.lnk
[2009/12/10 04:57:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/10 04:49:25 | 07,392,800 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\SUPERAntiSpyware.exe
[2009/12/10 04:18:06 | 26,837,52448 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/10 03:57:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/10 01:59:25 | 00,003,730 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/10 00:32:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/09 20:29:52 | 00,227,321 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Pinoy_Pugilist__Full_Costume_by_Taclobanon.jpg
[2009/12/05 14:18:31 | 04,556,689 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFEST.png
[2009/12/05 13:39:23 | 33,741,734 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFES Pack.psd
[2009/12/04 21:14:29 | 01,749,966 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFES.jpg
[2009/12/04 21:10:28 | 01,799,298 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline FFESB.jpg
[2009/12/04 18:31:45 | 00,261,607 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline 2 ES Colors Edits.jpg
[2009/12/04 01:43:01 | 00,807,907 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Dr S1.psd
[2009/12/04 01:18:02 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\EasyCapture.lnk
[2009/12/01 14:36:55 | 00,000,867 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/30 18:24:14 | 26,140,436 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Desktop\Redline_2_400_Colored.psd
[2009/11/02 21:19:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\prvlcl.dat
[2008/08/07 12:49:13 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Application Data\$_hpcst$.hpc
[2008/06/10 16:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 16:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 14:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/28 19:43:20 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/10/06 08:24:30 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\fusioncache.dat
[2006/09/01 22:38:15 | 00,159,744 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Application Data\fontdb.mdb
[2006/05/08 14:18:02 | 00,007,920 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/03/29 17:14:47 | 00,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/16 13:01:31 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/03/07 02:02:19 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/21 00:28:41 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/21 00:28:41 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/22 14:09:37 | 00,000,465 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/08/30 10:14:45 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/07/14 00:15:19 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/05/20 08:13:32 | 00,001,548 | ---- | C] () -- C:\WINDOWS\AFLOW.INI
[2005/05/20 07:57:22 | 00,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2005/03/04 01:03:02 | 00,137,216 | ---- | C] () -- C:\Documents and Settings\[REDACTED]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/29 21:06:39 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/01/29 21:04:58 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/01/29 21:04:58 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/01/29 21:01:16 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2004/01/10 12:11:12 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/11 02:03:36 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/11 02:00:00 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/11 01:59:50 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/11 01:56:30 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/04/11 01:55:36 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/11 01:54:28 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/10 23:29:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/09 17:58:30 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/09 17:56:09 | 00,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 17:39:01 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/04/09 17:39:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/04/09 17:38:29 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/04/09 17:38:28 | 00,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/14 18:47:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 11:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 16:27:50 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\vxdmdcdlg.dll
[2002/06/12 11:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/05/24 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== LOP Check ==========

[2009/10/30 20:20:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/02/04 02:29:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/04/10 19:03:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/06/11 07:44:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/03/28 15:27:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2007/02/04 02:40:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/10/30 20:08:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2004/05/06 09:48:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/01 14:37:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/09/29 20:51:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\.SwarmPlayer
[2008/09/29 20:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\.Tribler
[2009/12/10 07:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\AVG9
[2006/09/01 23:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\BorWare
[2008/12/24 15:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\COWON
[2006/02/11 08:24:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\EPSON
[2008/02/10 16:02:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\FrostWire
[2003/04/11 01:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\InterTrust
[2006/01/22 13:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\iScreensaver
[2004/01/29 21:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Leadertech
[2009/03/30 21:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\MP3Rocket
[2006/02/11 08:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Smart Panel
[2004/01/06 20:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\Template
[2009/12/02 23:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\uTorrent
[2003/10/25 13:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\[REDACTED]\Application Data\VERITAS
[2009/12/10 00:05:18 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2003/12/16 16:25:05 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2003/12/16 16:25:05 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2003/12/16 16:25:05 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 11:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2007/03/28 02:22:12 | 00,177,152 | ---- | M] () -- C:\utorrent.exe


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 00:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


And here's the OTL 'Extras' Log:

OTL Extras logfile created on: 12/10/2009 6:41:00 PM - Run 1
OTL by OldTimer - Version 3.1.15.0 Folder = C:\Documents and Settings\[REDACTED]\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.10 Gb Paging File | 2.55 Gb Available in Paging File | 82.20% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.55 Gb Total Space | 40.35 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive D: | 51.22 Gb Total Space | 49.27 Gb Free Space | 96.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDRIA
Current User Name: [REDACTED]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\[REDACTED]\Desktop\utorrent.exe" = C:\Documents and Settings\[REDACTED]\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\utorrent.exe" = C:\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow Update Manager
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.5
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{3147661C-2807-49EC-B971-3B0F23D95018}" = VAIO DeepSea Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}" = Experience VAIO
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{569C24E9-1D28-4738-99EF-6BEC75DC5F6A}" = Creative ZEN Vision W
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.5
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.2
"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95178E4F-BD83-43BE-B59A-9C46281853A0}" = LogMeIn
"{9E30D77F-CE1B-4674-8AFB-0DE22E5AC3A8}" = VAIO Media Photo Server 2.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}" = VAIO Media Setup 2.5
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.5
"{DF733005-0F40-11D6-9254-0000F460E7A9}" = VAIO Media Music Server 2.5
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EDEAF307-51B7-41FF-8B08-AE646117172E}" = Microsoft Upgrade Offer
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}" = DVD Creation
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"EasyCapture_is1" = EasyCapture 1.2.0.0
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"GSpot" = GSpot Codec Information Appliance
"Hero Lab V3.5" = Hero Lab V3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Java Web Start" = Java Web Start
"LimeWire" = LimeWire 5.1.2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-02-25-01
"PDFCanvas V1.4" = PDFCanvas V1.4
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"Semagic" = Semagic (remove only)
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON ES CX6400 Manual
"SysInfo" = Creative System Information
"VAIO Support" = VAIO Support
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinUHA 2.0 Build 2003.12.31 Beta_is1" = WinUHA 2.0 Build 2003.12.31 Beta
"XviD_is1" = XviD 1.1 final uninstall
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2009 4:36:27 AM | Computer Name = ALEXANDRIA | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 12:11:42 AM | Computer Name = ALEXANDRIA | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 11/18/2009 10:54:54 PM | Computer Name = ALEXANDRIA | Source = Application Hang | ID = 1002
Description = Hanging application Start.exe, version 8.0.0.178, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 5:33:23 PM | Computer Name = ALEXANDRIA | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 12/8/2009 7:26:51 PM | Computer Name = ALEXANDRIA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/10/2009 12:18:14 PM | Computer Name = ALEXANDRIA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 12/10/2009 12:23:44 PM | Computer Name = ALEXANDRIA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 12/10/2009 1:31:04 PM | Computer Name = ALEXANDRIA | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2009 10:27:40 PM | Computer Name = ALEXANDRIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2009 10:27:40 PM | Computer Name = ALEXANDRIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/10/2009 11:54:13 AM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 12:04:55 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The MaxSyncService service terminated unexpectedly. It has done this
1 time(s).

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 12/10/2009 5:38:24 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7034
Description = The AVG E-mail Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/10/2009 5:44:27 PM | Computer Name = ALEXANDRIA | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

< End of report >


So that's it: All I have left to say now is -- HELP! Please?

Edited by jscarpia, 10 December 2009 - 11:18 PM.
