Multiple kivereza, Win32:Rootkit-gen, sysguard problems



#1
ajny

Hi. I have quite an infection going. I am writing this from a working computer in the next room.

The affected computer has an XP64 operating system.

The symptoms right now are:

(1) mbam won't run, even when renamed. Or, I think it might try to run but...
(2) Avast comes up, finds Win32:Rootkit-gen[Rtk] but cannot remove it. Over and over again.
(3) I am locked out of Google and Gmail in IE7. Some sites do work. But in Gmail, it tells me the certificate is invalid; I cannot log on. Standard Google search screen is blank. Google News and NY Times site do work.

I am afraid to run IE, because the malware appears to learn, and lock me out of sites I want to use. It does this also on Firefox, which I also have tried on that machine.

I ran HijackThis and found a bunch of Sysguard stuff. When I removed that, the malware was no longer asking me to buy the phony virus protection software, and its icon was no longer in the system tray. So this was an improvement.

But no matter what I do, I cannot run mbam.

I have read a lot on the site about OTC, OTL, Combofix, GMER. There are many ways to approach it. I would appreciate being led through the process as I am bewildered as to where to start.


Note that the affected computer has XP64.

The computer under my name, the good one, is XP Pro.

Thanks in advance for your help. aj

Edited by ajny, 14 December 2009 - 09:59 AM.



#2
ajny

Note that the affected computer has XP64.

The computer under my name, the good one, is XP Pro.

#3
ajny

I tried to follow Malware and Spyware Cleaning Guide.

TFC downloaded successfully and ran on the XP64 infected system.

SysRestorePoint failed to initialize properly.

ERUNT appeared to run properly, because the ERDNT folder was created.

MBAM does not run. So no log.

RootRepeal does not run, presumably because of XP64. So no log.

OTL ran and created the results below. I apologize for running a regular rather than a quick scan.

OTL.txt:=

OTL logfile created on: 12/14/2009 12:28:02 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = L:\
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.35% Memory free
3.87 Gb Paging File | 3.44 Gb Available in Paging File | 88.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.96 Gb Total Space | 115.01 Gb Free Space | 77.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 24.41 Gb Total Space | 1.75 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 97.65 Gb Total Space | 95.51 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Drive J: | 54.69 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive K: | 56.13 Gb Total Space | 50.16 Gb Free Space | 89.36% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 465.21 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive Z: | 68.24 Gb Total Space | 28.35 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: D6ZF24C1
Current User Name: aj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/14 12:07:40 | 00,538,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/02 20:39:07 | 00,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/30 06:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008/06/01 17:53:24 | 00,057,344 | ---- | M] (FileOpen Systems, Inc.) -- C:\Program Files (x86)\FileOpen\plug_ins\FileOpenAPI.exe
PRC - [2008/05/07 16:56:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/04 12:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/07/27 23:16:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/04/26 14:39:18 | 00,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/04/26 14:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/21 05:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/18 00:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files (x86)\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/03/13 19:14:46 | 00,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe
PRC - [2005/03/17 13:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/07/27 23:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2009/12/14 12:07:40 | 00,538,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
MOD - [2009/10/29 18:32:12 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wininet.dll
MOD - [2009/09/14 09:40:05 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\SysWOW64\vetahadu.dll
MOD - [2009/09/14 09:40:05 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\SysWOW64\vetahadu.dll
MOD - [2009/09/14 09:39:30 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\SysWOW64\nipiluti.dll
MOD - [2009/03/21 08:47:30 | 00,029,696 | -HS- | M] (Microsoft) -- C:\Documents and Settings\aj\ntload.dll
MOD - [2007/02/18 10:24:12 | 01,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 10:05:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2006/06/29 08:05:44 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\normaliz.dll
MOD - [2005/03/25 12:00:00 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2005/03/25 12:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2help.dll
MOD - [2005/03/25 12:00:00 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\lz32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/02 20:39:07 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/29 16:33:54 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/28 19:22:24 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c99a03ce342cb8) Google Update Service (gupdate1c99a03ce342cb8)
SRV - [2008/04/04 12:10:26 | 00,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/02/16 23:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/12/25 12:46:10 | 00,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/04/26 14:38:50 | 00,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/18 00:25:16 | 00,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files (x86)\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/03/25 12:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2005/03/25 12:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)
DRV - [2003/04/24 22:21:44 | 00,010,752 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.c...navclient#inbox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.c...partner=rssnyt"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/07 16:57:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/06 20:44:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/09/04 09:55:01 | 00,000,000 | ---D | M]

[2009/09/03 10:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aj\Application Data\Mozilla\Extensions
[2009/12/12 18:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aj\Application Data\Mozilla\Firefox\Profiles\vq95djkm.default\extensions
[2009/12/12 18:48:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

Hosts file not found
O2:64bit: - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SysNative\DLA\DLASHX_W.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files (x86)\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DLA] C:\WINDOWS\SysNative\DLA\DLACTRLW.EXE File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [kijiripar] C:\WINDOWS\SysWow64\nipiluti.DLL ()
O4 - HKLM..\Run: [notepad] C:\WINDOWS\SysWow64\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files (x86)\Brother\Brmfl05c\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [notepad] C:\Documents and Settings\aj\ntload.dll (Microsoft)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\aj\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk = C:\Program Files (x86)\FileOpen\plug_ins\FileOpenAPI.exe (FileOpen Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} https://www.partserv...3d/cnsweb3d.cab (Cnsweb3d Control)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://heva.solidwor...elsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1225420344890 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://aolsvc.aol.co...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.112.138 167.206.7.4 192.168.0.88
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\nipiluti.dll c:\windows\system32\kivereza.dll) - C:\WINDOWS\SysWow64\nipiluti.dll ()
O20 - AppInit_DLLs: (vetahadu.dll) - C:\WINDOWS\SysWow64\vetahadu.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O21 - SSODL: bunepozag - {1a55f150-54ee-4c3e-91f8-557dafd633da} - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O21 - SSODL: pofubojuh - {f5ce1272-5515-47ce-b4cd-575c63ba9b6f} - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O21 - SSODL: renilidej - {d3871fa0-e4fc-4868-a22f-6ca81d107004} - c:\windows\SysWow64\kivereza.dll File not found
O21 - SSODL: zazajujun - {565d4310-79d1-4d60-963d-c93648bd96d2} - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O22 - SharedTaskScheduler: {1a55f150-54ee-4c3e-91f8-557dafd633da} - kupuhivus - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O22 - SharedTaskScheduler: {565d4310-79d1-4d60-963d-c93648bd96d2} - tokatiluy - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O22 - SharedTaskScheduler: {d3871fa0-e4fc-4868-a22f-6ca81d107004} - mujuzedij - c:\windows\SysWow64\kivereza.dll File not found
O22 - SharedTaskScheduler: {f5ce1272-5515-47ce-b4cd-575c63ba9b6f} - jugezatag - c:\WINDOWS\SysWOW64\nipiluti.dll ()
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - Reg Error: Key error. File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/01 21:46:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/04 14:32:20 | 00,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/17 19:15:24 | 00,000,069 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0b3e98d9-c87d-11de-883c-001372363867}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b3e98d9-c87d-11de-883c-001372363867}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{20e1925f-96f6-11de-bd8a-001372363867}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2007/07/17 13:54:13 | 00,000,000 | ---D | M]
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2009/12/14 12:24:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/14 12:23:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/12/12 23:54:04 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\aj\Recent
[2009/12/12 18:38:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aj\Local Settings\Application Data\wsmyxj
[2009/12/09 15:51:10 | 78,999,840 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\aj\Desktop\iTunes64Setup.exe
[2009/12/09 13:39:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aj\Local Settings\Application Data\Apple Computer
[2009/12/06 20:44:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\aj\.COMMgr
[2009/11/20 09:10:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aj\Desktop\From versci.com
[2009/10/29 14:53:13 | 00,289,072 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files (x86)\utorrent.exe
[2005/04/01 21:45:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/04/01 21:45:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/01 21:41:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/04/01 21:41:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\Documents and Settings\aj\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\aj\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\aj\Desktop\*.tmp files -> C:\Documents and Settings\aj\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\aj\Application Data\*.tmp files -> C:\Documents and Settings\aj\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/14 12:28:48 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\SysWow64\hekeroba
[2009/12/14 12:25:00 | 00,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{16E87AAA-D361-4397-9F16-6D59524FA9DD}.job
[2009/12/14 12:23:41 | 00,000,641 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\NTREGOPT.lnk
[2009/12/14 12:23:41 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\ERUNT.lnk
[2009/12/14 12:21:03 | 00,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/14 12:20:57 | 00,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/14 12:19:46 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/12/14 12:19:18 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ybcruarc.job
[2009/12/14 12:19:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 12:19:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/14 12:18:31 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\aj\NTUSER.DAT
[2009/12/14 12:18:31 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\aj\ntuser.ini
[2009/12/12 20:56:23 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\aj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/12 18:37:46 | 00,047,104 | ---- | M] () -- C:\ddnany.exe
[2009/12/12 18:37:41 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
[2009/12/11 16:35:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
[2009/12/11 13:58:49 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2009/12/10 13:41:52 | 00,685,100 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\macro_fun.zip
[2009/12/09 15:51:17 | 78,999,840 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\aj\Desktop\iTunes64Setup.exe
[2009/12/07 20:48:37 | 00,000,680 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/05 23:38:54 | 00,004,690 | ---- | M] () -- C:\WINDOWS\scad3.INI
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/12/02 22:52:14 | 00,000,002 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SysWow64\aswBoot.exe
[2009/11/23 17:07:17 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\Scratch Sheet.xls
[2009/11/20 20:00:45 | 00,193,896 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\A_Little_Book_of_F-LawsE.pdf
[2009/11/19 13:09:16 | 00,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/14 15:08:54 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\aj\Desktop\106.lnk
[1 C:\Documents and Settings\aj\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\aj\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\aj\Desktop\*.tmp files -> C:\Documents and Settings\aj\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\aj\Application Data\*.tmp files -> C:\Documents and Settings\aj\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 12:23:41 | 00,000,641 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\NTREGOPT.lnk
[2009/12/14 12:23:41 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\ERUNT.lnk
[2009/12/14 09:39:30 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ybcruarc.job
[2009/12/12 18:37:46 | 00,047,104 | ---- | C] () -- C:\ddnany.exe
[2009/12/12 18:37:41 | 00,008,704 | ---- | C] () -- C:\ryiasu.exe
[2009/12/10 11:23:09 | 00,936,351 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\Macrofun.hlp
[2009/12/10 11:23:09 | 00,000,182 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\Macrofun.cnt
[2009/12/10 11:22:50 | 00,685,100 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\macro_fun.zip
[2009/12/02 22:51:35 | 00,380,928 | ---- | C] () -- C:\WINDOWS\SysWow64\actskin4.ocx
[2009/11/20 20:00:45 | 00,193,896 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\A_Little_Book_of_F-LawsE.pdf
[2009/11/19 18:13:55 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\Scratch Sheet.xls
[2009/11/14 15:08:54 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\aj\Desktop\106.lnk
[2009/10/13 14:44:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FilterCAD.INI
[2009/09/14 09:40:05 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\SysWow64\vetahadu.dll
[2009/09/14 09:40:05 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\SysWow64\nukiyofi.dll
[2009/09/14 09:40:05 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\SysWow64\fuwobozu.dll
[2009/09/14 09:39:30 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\SysWow64\nipiluti.dll
[2009/09/14 09:39:29 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\SysWow64\zotokohu.dll
[2009/09/14 09:39:29 | 00,053,248 | -HS- | C] () -- C:\WINDOWS\SysWow64\loganoye.dll
[2009/09/14 09:39:29 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\SysWow64\wisahiri.dll
[2009/09/14 09:39:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\SysWow64\varadosa.dll
[2009/09/12 18:43:45 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\SysWow64\suwidusu.dll
[2009/09/12 18:43:45 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\SysWow64\yekotafo.dll
[2009/09/12 18:37:44 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\SysWow64\busekuja.dll
[2009/09/03 11:05:07 | 00,186,706 | ---- | C] () -- C:\Documents and Settings\aj\Local Settings\Application Data\Excal32.dat
[2009/09/03 11:05:07 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\aj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 10:56:50 | 00,025,384 | ---- | C] () -- C:\Documents and Settings\aj\Application Data\Comma Separated Values (Windows).ADR
[2008/01/29 14:41:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/29 14:39:09 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/29 14:39:08 | 00,047,616 | ---- | C] () -- C:\WINDOWS\SysWow64\pdf995mon64.dll
[2007/08/28 16:22:48 | 00,000,060 | ---- | C] () -- C:\WINDOWS\SysWow64\SYSWQDRV.SYS
[2007/08/03 13:16:17 | 00,006,048 | ---- | C] () -- C:\WINDOWS\SysWow64\MCC16.dll
[2007/08/02 16:21:30 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/02 16:08:01 | 00,000,233 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/08/02 16:08:01 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/08/02 16:07:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2007/08/02 16:07:40 | 00,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2007/08/02 16:07:25 | 00,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll
[2007/08/02 16:06:38 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/07/17 13:55:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/07/17 13:55:11 | 01,277,952 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/07/17 13:55:11 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/05/15 16:15:04 | 00,000,056 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2007/02/13 16:42:04 | 00,004,690 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2007/02/09 16:39:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/01/31 15:48:22 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/18 02:50:01 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/18 02:47:41 | 00,000,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/18 02:47:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/18 02:35:24 | 00,110,592 | ---- | C] () -- C:\WINDOWS\SysWow64\nvapi.dll
[2005/11/10 15:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\px.ini
[2005/04/01 21:52:52 | 00,371,556 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2005/04/01 21:37:53 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/04/01 21:37:52 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/04/01 21:37:49 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/04/01 21:37:47 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/04/01 21:37:47 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/04/01 21:37:47 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/04/01 21:37:47 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/04/01 21:37:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/04/01 21:37:45 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/04/01 21:37:45 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/04/01 21:37:45 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/04/01 21:37:44 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/04/01 21:37:44 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/04/01 21:37:44 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/04/01 21:37:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI
[2001/11/07 20:27:00 | 00,237,568 | ---- | C] () -- C:\WINDOWS\SysWow64\glut32.dll
[1999/12/07 00:00:00 | 00,024,976 | ---- | C] () -- C:\WINDOWS\twain_16.dll
[1998/03/22 23:00:00 | 00,041,984 | ---- | C] () -- C:\WINDOWS\SysWow64\msh_zwf.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/12 18:37:46 | 00,047,104 | ---- | M] () -- C:\ddnany.exe
[2009/12/12 18:37:41 | 00,008,704 | ---- | M] () -- C:\ryiasu.exe
[2009/07/23 21:34:31 | 03,710,976 | ---- | M] () -- C:\snlo.exe


< MD5 for: AGP440.SYS >
[2007/02/16 23:03:12 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\WINDOWS\ServicePackFiles\amd64\agp440.sys
[2005/03/25 00:11:56 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=E089A8D56B08A7A79561EB3180ADA769 -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/03/25 00:12:00 | 00,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/02/16 23:03:34 | 00,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\WINDOWS\ServicePackFiles\amd64\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/03/25 12:00:00 | 00,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007/02/16 23:20:32 | 00,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\WINDOWS\ServicePackFiles\amd64\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/04/26 19:25:40 | 00,497,664 | ---- | M] (Intel Corporation) MD5=56ED8B9EF5FCC07F66D361650EA8A23D -- C:\drivers\storage\SATA\onboard\iastor.sys

< MD5 for: NETLOGON.DLL >
[2007/02/18 10:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 10:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2005/03/25 12:00:00 | 00,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2007/02/16 23:40:06 | 00,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\WINDOWS\ServicePackFiles\amd64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/16 23:54:00 | 00,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\WINDOWS\ServicePackFiles\amd64\scecli.dll
[2005/03/25 12:00:00 | 00,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/02/18 10:05:48 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 10:05:48 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


Extras.txt:=

OTL Extras logfile created on: 12/14/2009 12:28:02 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = L:\
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.35% Memory free
3.87 Gb Paging File | 3.44 Gb Available in Paging File | 88.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.96 Gb Total Space | 115.01 Gb Free Space | 77.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 24.41 Gb Total Space | 1.75 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 97.65 Gb Total Space | 95.51 Gb Free Space | 97.81% Space Free | Partition Type: NTFS
Drive J: | 54.69 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive K: | 56.13 Gb Total Space | 50.16 Gb Free Space | 89.36% Space Free | Partition Type: NTFS
Drive L: | 465.64 Gb Total Space | 465.21 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive Z: | 68.24 Gb Total Space | 28.35 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: D6ZF24C1
Current User Name: aj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files (x86)\Azureus\Azureus.exe" = C:\Program Files (x86)\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files (x86)\Maxima-5.15.0\wxMaxima\wxMaxima.exe" = C:\Program Files (x86)\Maxima-5.15.0\wxMaxima\wxMaxima.exe:*:Enabled:wxMaxima -- File not found
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe" = C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe:*:Enabled:brctrcen -- (Brother Industries, Ltd.)
"C:\Program Files\Alwil Software\Avast4\ashServ.exe" = C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ -- (ALWIL Software)
"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" = C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
"C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe" = C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe:*:Enabled:ViewMgr -- (Viewpoint Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files (x86)\Azureus\Azureus.exe" = C:\Program Files (x86)\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files (x86)\Maxima-5.15.0\wxMaxima\wxMaxima.exe" = C:\Program Files (x86)\Maxima-5.15.0\wxMaxima\wxMaxima.exe:*:Enabled:wxMaxima -- File not found
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe" = C:\Program Files (x86)\Brother\ControlCenter2\brctrcen.exe:*:Enabled:brctrcen -- (Brother Industries, Ltd.)
"C:\Program Files\Alwil Software\Avast4\ashServ.exe" = C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ -- (ALWIL Software)
"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" = C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
"C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe" = C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe:*:Enabled:ViewMgr -- (Viewpoint Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224D612-2C6A-4745-A91A-97BF86E76F2D}" = SapWin3
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08F7CCA6-8590-4401-8B44-CEB09A909AAB}" = del.icio.us Buttons for Internet Explorer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E14CAA4-A544-11D6-80A8-006097DB005E}" = Maxwell SV Version 9.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2AEBE10C-D819-4EBF-BC60-03BF2327D340}" = Microsoft XML Parser and SDK
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720)
"{4672656C-B29F-4996-864D-12E4147E7D91}" = PCB Artist
"{47BD9F34-BBB7-4CFF-BE29-2D5D8E2F0385}" = PCB Artist
"{57517F96-22C6-4AD8-86A2-C582B20A91D4}" = Google Desktop Plugin - Google Earth
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{606D713B-B60C-11D6-A47A-00B0D03E4223}" = SolidWorks 2003
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66D87E2F-C42B-43DD-A6E4-DAB5AF8C065F}" = FilterPro
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-F400-7760-0000003D0002}" = Adobe Acrobat 3D
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDDED532-0C5F-46AA-8091-D04809B6B8DB}" = OpAmpPro
"{BF2B125A-358E-448B-86B0-6429935464BA}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{CA7342EC-C7F6-467A-A276-9F4B8FE05149}" = ARRL Antenna Book, 21st Edition, Software
"{F2924009-B2A9-4413-AF7C-E0B72A870626}" = eDrawings 2007
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 3D" = Adobe Acrobat 3D 7.1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAGLE 5.0.0" = EAGLE 5.0.0
"ERUNT_is1" = ERUNT 1.1j
"EZNEC_-4000_is1" = EZNEC ARRL v. 4.0
"FastStone Image Viewer" = FastStone Image Viewer 3.0
"FEMM_is1" = femm 4.2 15Jul2009
"Filter Design 4.3_is1" = Filter Design 4.3
"FilterPro" = FilterPro
"FreePCB_is1" = FreePCB 1.2
"GeoAlert-ARRL Wizard_is1" = GeoAlert-ARRL Wizard 4.1.38
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MITCalc01_is1" = MITCalc-Beam 1.14
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Multilingual Speaking Clock_is1" = Multilingual Speaking Clock ver 2.52
"OmniFormat" = OmniFormat
"Pdf995" = Pdf995
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7e
"Signature995" = Signature995
"SopCast" = SopCast 3.0.3
"ST6UNST #1" = BeamBoy v2.2
"SwitcherCAD III" = LTspice/SwCADIII
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FilterCAD" = FilterCAD

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/9/2009 6:18:18 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\aj\Local Settings\Temporary Internet Files\Content.IE5\CRC2TZUX\GLVACAZNDNYTCA7ZBDKWCASOINWMCACSLDUDCAP71R8UCAJ5N6V0CA35FY2OCAM62MQTCAXOMCHWCA7LFK3QCALQRTNFCA4PBV3YCAVNJCQ5CAJH7YG
6CAQIB53FCALTI3HTCAC75B2TCAL002KKCAXEIGQ7CA10JLD3
failed, 0000A413.

Error - 11/9/2009 6:19:50 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/9/2009 6:19:57 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/9/2009 6:20:06 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/9/2009 6:20:20 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/9/2009 6:47:54 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/9/2009 6:48:03 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/10/2009 1:46:00 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\aj\Local Settings\Temporary Internet Files\Content.IE5\0J1V714N\restserver[1].php
failed, 0000A413.

Error - 11/10/2009 9:18:42 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

Error - 11/23/2009 8:27:39 PM | Computer Name = D6ZF24C1 | Source = avast! | ID = 33554522
Description = Error in library avUInt: ActiveSkin not installed or not registered
properly.

[ Application Events ]
Error - 12/8/2009 2:24:50 PM | Computer Name = D6ZF24C1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A certificate chain could not be built to a trusted root authority.


Error - 12/9/2009 12:12:47 PM | Computer Name = D6ZF24C1 | Source = Application Hang | ID = 1002
Description = Hanging application sldworks.exe, version 11.1.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2009 4:51:34 PM | Computer Name = D6ZF24C1 | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- This iTunes installer requires Windows Vista 64-bit
edition.

Error - 12/9/2009 8:19:44 PM | Computer Name = D6ZF24C1 | Source = Application Error | ID = 1000
Description = Faulting application sldworks.exe, version 11.1.0.0, faulting module
slduiu.dll, version 11.1.0.0, fault address 0x003d1e4a.

Error - 12/12/2009 8:26:17 PM | Computer Name = D6ZF24C1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 12/12/2009 11:25:38 PM | Computer Name = D6ZF24C1 | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2009 11:28:39 PM | Computer Name = D6ZF24C1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 6.2.0.236, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2009 10:39:25 AM | Computer Name = D6ZF24C1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 12/14/2009 12:37:13 PM | Computer Name = D6ZF24C1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 12/14/2009 1:20:57 PM | Computer Name = D6ZF24C1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

[ System Events ]
Error - 1/9/2009 4:21:05 PM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 1/13/2009 5:37:01 PM | Computer Name = D6ZF24C1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/16/2009 10:52:34 PM | Computer Name = D6ZF24C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 1/17/2009 5:14:28 PM | Computer Name = D6ZF24C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/9/2009 10:38:30 AM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/18/2009 4:21:06 PM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft security update
service service to connect.

Error - 2/19/2009 11:16:39 AM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft security update
service service to connect.

Error - 2/19/2009 1:10:36 PM | Computer Name = D6ZF24C1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/26/2009 11:48:19 AM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/17/2009 10:54:48 AM | Computer Name = D6ZF24C1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


Thanks for your help. aj