
iexplore.exe virus



#1
AniDanny

I'm not sure where it came from, but I have the iexplore.exe virus, and I can't seem to make it go away. It makes IE my default browser, opens up in the background, plays annoying audio ads, and won't let me run a lot of virus scanners (AVG and AdAware are the only ones that have worked so far, and even those didn't manage to find it). In addition, it won't let me go to any website that might help me get rid of it (I have to access geekstogo on my laptop).

I tried running the programs listed in the cleaning guide thread:

TFC seemed to work until I reset, then the computer wouldn't start back up. The third time I hit the restart button, it finally worked (after yelling at me about trying to overclock).

ERUNT worked fine.

MBAM installed fine, but isn't allowed to run (it pops up for a second in the task manager, and then gets killed by the virus).

GMER extracted fine, but won't run at all.

OTL gave me an error saying "Access violation at address 00402903 in module 'OTL.exe'. Read of address 001DF000" when I clicked quick scan. Then I clicked it again and it seemed to run fine. Here is the log file for that:






OTL.txt

OTL logfile created on: 2/10/2010 1:00:08 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 120.92 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 7.52 Gb Total Space | 6.75 Gb Free Space | 89.75% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/05 12:20:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\5 OTL.exe
PRC - [2010/02/04 16:52:05 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 22:52:12 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/31 09:54:05 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/24 22:09:04 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/11/05 13:21:53 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 07:17:49 | 000,044,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/16 04:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009/01/10 22:56:04 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/30 14:58:28 | 018,082,304 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 14:17:06 | 021,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/05/30 14:54:16 | 000,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/01 14:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2004/08/04 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/05 12:20:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\5 OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 01:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/04/13 19:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (nTuneService)
SRV - [2010/02/04 16:52:05 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 22:09:04 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/11/05 13:21:46 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/24 07:17:49 | 000,044,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/01/19 01:53:37 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/01/10 22:56:04 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/08/02 11:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.primericaonline.com/Login
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:31:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 22:55:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 16:30:40 | 000,000,000 | ---D | M]

[2008/06/17 23:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2010/02/09 13:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\1bxfzcgs.default\extensions
[2010/01/31 23:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\1bxfzcgs.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/12 14:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\1bxfzcgs.default\extensions\[email protected]
[2010/02/09 13:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/12/02 18:37:17 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [taskmandb.exe] C:\DOCUME~1\Dan\LOCALS~1\Temp\taskmandb.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/30 14:32:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 17:13:07 | 001,246,440 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 22:17:18 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f06fd42-7cca-11de-b333-001d92855028}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{6f06fdac-7cca-11de-b333-001d92855028}\Shell - "" = AutoRun
O33 - MountPoints2\{6f06fdac-7cca-11de-b333-001d92855028}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f06fdac-7cca-11de-b333-001d92855028}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bbe18499-26df-11de-b2e0-001d92855028}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe18499-26df-11de-b2e0-001d92855028}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbe18499-26df-11de-b2e0-001d92855028}\Shell\AutoRun\command - "" = E:\laucher.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (290365559013376)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 00:51:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/10 00:51:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/10 00:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 00:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/10 00:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/10 00:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/05 01:16:29 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dan\Desktop\HijackThis.exe
[2010/02/02 02:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2010/02/01 00:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Apartment Pictures
[2010/01/28 22:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Torchwood Season 1
[2010/01/28 22:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Torchwood - Series 2 - Complete [BBC Two] [Xvid]
[2010/01/28 22:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Torchwood Children of Earth Complete [MM] Special Edition
[2010/01/28 21:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/01/28 21:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/01/28 21:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/01/28 21:51:19 | 000,627,072 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\WUSB54GCv3.sys
[2010/01/28 21:51:19 | 000,221,184 | R--- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2009/11/05 13:20:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/05 13:20:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/05 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/01 19:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2009/02/11 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[53 C:\Documents and Settings\Dan\Desktop\*.tmp files -> C:\Documents and Settings\Dan\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/10 00:59:32 | 019,136,512 | -H-- | M] () -- C:\Documents and Settings\Dan\NTUSER.DAT
[2010/02/10 00:51:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\stuff.lnk
[2010/02/10 00:50:31 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/02/10 00:50:31 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/02/10 00:48:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/10 00:48:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 00:46:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 00:46:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 00:46:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/10 00:41:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dan\ntuser.ini
[2010/02/09 17:33:28 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Farming and Referrals.xls
[2010/02/08 22:29:39 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 01:16:30 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dan\Desktop\HijackThis.exe
[2010/02/04 14:19:22 | 000,008,318 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Kate_Ryan.rtf
[2010/02/02 23:10:36 | 000,000,716 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/02 23:10:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 23:10:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/02 22:50:06 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\Account.atomsvc
[2010/02/02 08:04:54 | 054,983,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/02 02:21:13 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/29 11:53:36 | 000,063,483 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ecorrespondence115910025.pdf
[2010/01/29 11:53:32 | 000,063,542 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ecorrespondence115910018.pdf
[2010/01/28 22:52:30 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/28 21:52:44 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/28 21:52:44 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/28 21:52:43 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[53 C:\Documents and Settings\Dan\Desktop\*.tmp files -> C:\Documents and Settings\Dan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 00:56:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\gmer.exe
[2010/02/10 00:51:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\stuff.lnk
[2010/02/10 00:50:31 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2010/02/10 00:50:31 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2010/02/04 14:18:18 | 000,008,318 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Kate_Ryan.rtf
[2010/02/02 22:50:06 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\Account.atomsvc
[2010/02/02 02:21:13 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/29 11:53:36 | 000,063,483 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ecorrespondence115910025.pdf
[2010/01/29 11:53:31 | 000,063,542 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ecorrespondence115910018.pdf
[2010/01/28 21:51:19 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/01/10 13:36:04 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/01/07 14:33:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/11 14:43:00 | 000,174,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/14 12:48:51 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/09 17:44:44 | 000,009,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ticalc.sys
[2009/08/09 17:44:44 | 000,000,239 | ---- | C] () -- C:\WINDOWS\Wlink83p.ini
[2009/08/09 17:42:30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/08/09 17:42:29 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/07/28 01:12:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\ACEA49F199.sys
[2009/07/28 01:11:59 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/09 16:25:24 | 000,001,427 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2009/04/21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/03/10 21:17:13 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/17 18:19:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/19 01:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/10/14 21:41:26 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\99F149EAAC.sys
[2008/10/14 21:41:25 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/17 17:39:27 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/16 14:03:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2008/06/16 00:08:39 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/15 09:59:45 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/12/29 18:04:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/07 13:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/11/05 13:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/10 17:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/03/10 21:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/05/30 16:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2008/10/08 23:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/06/03 15:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/02 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/12/11 19:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/11/04 22:39:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/05/10 00:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Acreon
[2009/06/25 19:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Aegisub
[2008/05/31 23:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Aim
[2009/12/24 00:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Atari
[2010/02/10 00:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2009/08/10 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Braid
[2009/08/09 18:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Crayon Physics Deluxe
[2009/03/10 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools Pro
[2008/07/19 02:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DNA
[2009/06/03 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GetRightToGo
[2008/10/08 23:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GlobalSCAPE
[2009/08/20 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2010/01/12 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IM
[2008/05/30 15:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2009/03/04 20:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\MuPAD
[2010/01/10 16:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\SystemRequirementsLab
[2009/08/10 18:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\The Path
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 00:48:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 00:48:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 00:48:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/25 00:01:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/25 00:01:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/25 00:01:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/25 00:01:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/24 22:27:54 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/03/10 21:17:14 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/05/30 22:17:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/30 22:17:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/30 22:17:18 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Extra.txt

OTL Extras logfile created on: 2/10/2010 1:00:08 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 120.92 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 7.52 Gb Total Space | 6.75 Gb Free Space | 89.75% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"56403:TCP" = 56403:TCP:*:Enabled:Pando Media Booster
"56403:UDP" = 56403:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\steamapps\anidanny\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\anidanny\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\derek45013\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\derek45013\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Dan\Desktop\PWO\Pokemon Game.exe" = C:\Documents and Settings\Dan\Desktop\PWO\Pokemon Game.exe:*:Enabled:Pokemon Game -- File not found
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die -- File not found
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\City of Heroes\CohUpdater.exe" = C:\Program Files\City of Heroes\CohUpdater.exe:*:Enabled:CohUpdater -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\fallout 3\Fallout3.exe" = C:\Program Files\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3 -- (Bethesda Softworks)
"C:\Program Files\Steam\steamapps\common\everyday shooter\EverydayShooter.exe" = C:\Program Files\Steam\steamapps\common\everyday shooter\EverydayShooter.exe:*:Enabled:Everyday Shooter -- ()
"C:\Program Files\Steam\steamapps\common\gish\gish.exe" = C:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish -- ()
"C:\Program Files\Steam\steamapps\common\mrrobot\MrRobot.exe" = C:\Program Files\Steam\steamapps\common\mrrobot\MrRobot.exe:*:Enabled:Mr. Robot -- ()
"C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe" = C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe:*:Enabled:Crayon Physics Deluxe -- ()
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
"C:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" = C:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3 -- (Bethesda Softworks)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\common\blueberry garden\BlueberryGarden.exe" = C:\Program Files\Steam\steamapps\common\blueberry garden\BlueberryGarden.exe:*:Enabled:Blueberry Garden -- (Erik Svedäng)
"C:\Program Files\Steam\steamapps\common\global agenda beta server\Binaries\globalagenda.exe" = C:\Program Files\Steam\steamapps\common\global agenda beta server\Binaries\globalagenda.exe:*:Enabled:TgGame Client -- (HiRez Studios, Inc.)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\common\rollercoaster tycoon 3 gold\RCT3plus.exe" = C:\Program Files\Steam\steamapps\common\rollercoaster tycoon 3 gold\RCT3plus.exe:*:Enabled:Rollercoaster Tycoon 3 Platinum -- (Frontier Developments Ltd)
"C:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe" = C:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- ()
"C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\SamMax104.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\SamMax104.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die! -- ()
"C:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = C:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- (EA Digital Illusions CE AB)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.6 Release Preview r2494
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A6CCAEF5-F141-4BBE-A6DA-EA8A8362C7A6}" = MapleStory
"{A778A787-08A4-4089-CB68-02A9737DE532}" = Catalyst Control Center InstallProxy
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FD3D9B16-44E4-4231-E1E2-85C40A115F87}" = ATI Catalyst Install Manager
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Ad Hack_is1" = AIM Ad Hack
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"doPDF 6 printer_is1" = doPDF 6.1 printer
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12900" = Audiosurf
"Steam App 1500" = Darwinia
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 16300" = Everyday Shooter
"Steam App 17030" = Global Agenda - Beta
"Steam App 17410" = Mirror's Edge
"Steam App 18710" = And Yet It Moves Demo
"Steam App 20710" = Mr. Robot
"Steam App 211" = Source SDK
"Steam App 22000" = World of Goo
"Steam App 22300" = Fallout 3
"Steam App 22320" = The Elder Scrolls III: Morrowind - Game of the Year
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 2700" = Rollercoaster Tycoon 3 Platinum
"Steam App 27000" = The Path
"Steam App 280" = Half-Life: Source
"Steam App 29160" = Blueberry Garden
"Steam App 35700" = Trine
"Steam App 41510" = Torchlight - Demo
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 500" = Left 4 Dead
"Steam App 8230" = Sam and Max 104: Abe Lincoln Must Die
"Steam App 92" = Codename Gordon
"Steam App 9500" = Gish
"Steam App 9740" = Indigo Prophecy
"SystemRequirementsLab" = System Requirements Lab
"TI-Black Link" = TI-Black Link
"TI-Graph Link 83 Plus" = TI-Graph Link 83 Plus
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZC2.10w" = Zelda Classic 2.10w

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 5:10:50 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 07601534.

Error - 10/23/2009 5:47:30 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3523, faulting module
jvm.dll, version 11.0.0.16, fault address 0x000a96b6.

Error - 10/23/2009 5:47:32 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 1449853983.

Error - 10/26/2009 5:22:40 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3523, faulting module
jvm.dll, version 11.0.0.16, fault address 0x000a96b6.

Error - 10/26/2009 5:22:46 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 1449853983.

Error - 10/26/2009 11:20:26 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application java.exe, version 6.0.110.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2009 11:20:33 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1038146276.

Error - 11/4/2009 10:38:51 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.12, faulting module
ad-aware.exe, version 7.1.0.12, fault address 0x00098312.

Error - 11/4/2009 10:38:55 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 1101142063.

Error - 11/4/2009 11:48:37 PM | Computer Name = COMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 2/10/2010 1:36:39 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/10/2010 1:36:39 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Live Mesh Remote Desktop service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 2/10/2010 1:36:40 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/10/2010 1:36:40 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 2/10/2010 1:36:48 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 2/10/2010 1:47:16 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service
to connect.

Error - 2/10/2010 1:47:16 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%1053

Error - 2/10/2010 1:47:16 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2/10/2010 1:47:16 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/10/2010 1:47:16 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >

From what I could find online, the best solution for the virus is PREVX, which, like most anti-virus programs, I'm not allowed to run. Does anyone have any suggestions on how else I might be able to get rid of it?

#2
AniDanny
Update: I just thought to try running in safe mode to see if MBAM and GMER would run. Same issue as before. Also all my system restore points seem to be deleted/corrupted.

#3
AniDanny
Update 2: Just got an automatic update on Windows; the first thing on it is "Cumulative Security Update for ActiveX Killbits for Windows XP (KB978262)", which addresses a problem that allows "an attacker to compromise a system running Microsoft Internet Explorer and gain control over it." This is either exactly what I need, or else is the virus continuing to mock me in hopes of me screwing up the computer even more... I'm going to ignore the automatic update until I get some input here, though.