Trojan.Fraudpack keeps respawning [Solved]


This topic is locked

#1 yeschiro (Member, 58 posts)

Went through the Malware Removal Guide and this stupid thing keeps respawning itself when I reboot out of safe mode.

Won't let me open any exe programs. I use Firefox, which can get on the connection, but I'm pretty sure Internet Explorer is a mess, taking me to porn/viagra sites.

Getting mainly three warnings:

- Windows Security Alert
- Antivirus Software Alert
- Application Cannot Be Executed (when trying to open an exe program)

Little green shield with checkmark in the taskbar is initiating the Windows Security Alert. Will try to post MBAM and OTL reports if I can open them.
#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Try this from safe mode if possible.

Please download OTH.scr to your desktop.
Please download OTL to your desktop.
Please download the attached Scan.txt to your desktop.

Double-click the OTH file and select Kill All Processes; your desktop will go blank.
Then select Start OTL.
OTL will now run.

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select the Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with the contents of the scan - OTL.txt.
  • You can either press the Reboot button, and after your computer has restarted you will see OTL.txt and a further file, Extras.txt, on your desktop.

    Post the contents of both files back here.
  • Or alternatively, highlight (Ctrl+A) and copy (Ctrl+C), click the Internet Explorer button, return to Geeks to Go and post the scan results back here. Once you have your desktop back you can access and post the Extras.txt.


#3 yeschiro (Topic Starter, Member, 58 posts)

There was no scan.txt. Did I miss it?

#4 yeschiro (Topic Starter, Member, 58 posts)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/23/2010 3:40:57 PM
mbam-log-2010-05-23 (15-40-57).txt

Scan type: Quick scan
Objects scanned: 124021
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acdwcfvr (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acdwcfvr (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Rob Berube\Local Settings\Application Data\hbjldthno\dtyrpwjtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Yep, some numpty forgot to upload it :)

[attachment=41945:scan.txt] Here it is - if you could now follow the OTL destructions please

#6 yeschiro (Topic Starter, Member, 58 posts)

OTL logfile created on: 05/23/2010 4:21:24 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rob Berube\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,012.00 Mb Total Physical Memory | 777.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 94.04 Gb Free Space | 65.23% Space Free | Partition Type: NTFS
Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCREENING
Current User Name: Rob Berube
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
PRC - [2010/05/23 15:53:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
PRC - [2010/04/04 09:19:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
MOD - [2008/04/14 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 22:49:49 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/27 17:31:08 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/03/14 02:21:31 | 006,039,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/14 02:21:16 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 19:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/24 21:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002/03/04 19:56:42 | 000,019,212 | ---- | M] (SRS Medical Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SRSMED.sys -- (SrsMed)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..keyword.URL: "http://search.mywebs...15f&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 08:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 08:34:08 | 000,000,000 | ---D | M]

[2010/03/03 14:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Extensions
[2010/05/22 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions
[2010/03/03 15:06:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/10 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\[email protected]
[2010/05/12 12:29:34 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\searchplugins\mywebsearch.xml
[2010/03/03 13:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1045 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24cac43c-4554-11de-af07-00234e77df51}\Shell\AutoRun\command - "" = D:\AllTool.exe -- File not found
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell - "" = AutoRun
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/20 11:26:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 15:53:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:42 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Desktop\gmer
[2010/05/23 14:01:11 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/05/23 10:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\hbjldthno
[2010/04/21 21:52:42 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/04/21 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/04/21 21:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/21 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/21 21:17:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/21 21:16:47 | 000,000,000 | ---D | C] -- C:\94ac2787f184ac4d83469b2e6e
[2010/04/21 08:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/21 08:39:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/21 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Apple Computer
[2010/04/21 08:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/21 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 08:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/21 08:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple Computer
[2010/04/20 21:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/04/20 20:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/04/20 20:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/04/20 20:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/04/20 20:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/04/20 19:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/20 19:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/20 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/04/20 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/20 19:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/06 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Docs
[2010/03/17 20:35:59 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/17 20:35:29 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/17 20:34:47 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Drivers
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Mozilla
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla
[2010/03/03 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/02 22:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Google Talk Received Files
[2010/02/28 22:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/02/28 16:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Malwarebytes
[2010/02/28 16:23:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 16:23:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 13:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Temp
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/02/28 13:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Sony
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/02/28 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/28 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/02/28 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup

========== Files - Modified Within 90 Days ==========

[2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 15:46:21 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 15:46:21 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 15:46:21 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 15:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 15:41:34 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\NTUSER.DAT
[2010/05/23 15:41:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob Berube\ntuser.ini
[2010/05/23 15:41:32 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\IconCache.db
[2010/05/23 15:27:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 15:13:14 | 000,080,216 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 15:11:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 15:11:01 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 14:04:13 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/05/23 14:00:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/05/23 13:47:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 19:44:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 21:27:51 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 06:20:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/21 21:52:33 | 000,001,059 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:29:17 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/21 21:24:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Windows Media Player.lnk
[2010/04/21 21:19:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/21 21:19:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/21 21:19:30 | 000,000,565 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 21:18:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/21 21:17:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/20 20:35:29 | 001,731,130 | ---- | M] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 19:54:09 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/14 02:21:43 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/14 02:21:23 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:21:04 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/03/14 02:19:46 | 000,231,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/14 02:19:46 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/14 02:19:46 | 000,000,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/03/14 02:19:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/02/28 22:42:27 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk

========== Files Created - No Company Name ==========

[2010/05/23 14:04:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/04/21 21:52:33 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:21:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/04/21 21:17:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/21 21:14:19 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Application Data\BBMS_EXCEPTION.txt
[2010/04/20 20:35:29 | 001,731,130 | ---- | C] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 20:12:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/20 19:54:09 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/17 20:36:05 | 000,231,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/17 20:36:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/17 20:36:05 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/03/01 09:36:52 | 000,142,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/28 22:42:27 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/01/10 23:13:57 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/09 15:05:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/10 17:24:15 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/10 17:24:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/15 16:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 12:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 01:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/08/06 11:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/13 11:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 18:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 10:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 05:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 05:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 05:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 05:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010/04/20 19:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/13 11:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/28 13:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/21 21:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\BitTorrent
[2010/04/20 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/01/10 23:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\FreeAudioPack
[2009/10/07 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\InterVideo
[2010/01/30 18:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/07/18 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\OpenOffice.org
[2010/02/28 18:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/04/21 21:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/02/28 13:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/05/14 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony Online Entertainment

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/15 13:37:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/05 04:05:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/19 09:10:34 | 000,117,904 | ---- | M] () -- C:\CIMG0756.JPG
[2009/11/19 09:11:48 | 000,095,856 | ---- | M] () -- C:\CIMG0764.JPG
[2009/11/19 09:12:02 | 000,072,950 | ---- | M] () -- C:\CIMG0765.JPG
[2009/11/19 09:12:12 | 000,087,021 | ---- | M] () -- C:\CIMG0766.JPG
[2009/11/19 09:12:18 | 000,076,960 | ---- | M] () -- C:\CIMG0767.JPG
[2009/11/19 09:12:22 | 000,073,972 | ---- | M] () -- C:\CIMG0768.JPG
[2009/11/19 09:12:30 | 000,093,994 | ---- | M] () -- C:\CIMG0769.JPG
[2009/11/19 09:12:46 | 000,098,996 | ---- | M] () -- C:\CIMG0771.JPG
[2008/08/15 13:37:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/08/15 13:37:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 21:26:37 | 000,000,483 | ---- | M] () -- C:\LOG1.log
[2010/03/03 16:43:29 | 000,000,483 | ---- | M] () -- C:\LOG2F.log
[2010/03/03 16:46:11 | 000,000,483 | ---- | M] () -- C:\LOG30.log
[2009/07/09 09:19:17 | 000,000,483 | ---- | M] () -- C:\LOG39.log
[2010/03/04 17:20:01 | 000,000,483 | ---- | M] () -- C:\LOG4.log
[2009/07/09 09:39:30 | 000,000,483 | ---- | M] () -- C:\LOG4A.log
[2009/07/09 09:56:56 | 000,000,483 | ---- | M] () -- C:\LOG4B.log
[2009/07/09 10:04:47 | 000,000,483 | ---- | M] () -- C:\LOG4C.log
[2009/07/09 09:11:12 | 000,000,483 | ---- | M] () -- C:\LOG8.log
[2009/06/05 17:09:22 | 000,000,483 | ---- | M] () -- C:\LOGA9.log
[2010/05/23 15:30:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/08/15 13:37:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2008/04/14 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 23:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/23 15:42:05 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2008/08/15 16:42:52 | 000,000,080 | ---- | M] () -- C:\Preload.aaa
[2008/08/15 13:57:08 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log
[1999/11/11 03:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG


< MD5 for: AGP440.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 03:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 03:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 23:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 23:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 23:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: INTELPPM.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:intelppm.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelppm.sys
[2008/04/14 23:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=8C953733D8F36EB2133F5BB58808B66B -- C:\WINDOWS\system32\drivers\intelppm.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/15 06:29:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/15 06:29:32 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/15 06:29:32 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/03/14 02:21:16 | 001,395,800 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/14 02:21:31 | 006,039,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >


OTL Extras logfile created on: 05/23/2010 4:21:24 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rob Berube\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,012.00 Mb Total Physical Memory | 777.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 94.04 Gb Free Space | 65.23% Space Free | Partition Type: NTFS
Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCREENING
Current User Name: Rob Berube
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"" =

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{529215DF-7CE4-4699-B7A9-02348940963B}" = 7.0 Millennium
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Acer Crystal Eye webcam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam
"{F7D411BD-D6EB-2D32-6F41-8A9976309723}" = Market Samurai
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"GoldWave v5.55" = GoldWave v5.55
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"save2pc Light_is1" = save2pc Light 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinX Free MOV to MP4 Converter_is1" = WinX Free MOV to MP4 Converter 4.1.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/13/2010 1:47:08 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/13/2010 2:47:08 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/13/2010 3:47:07 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/13/2010 4:47:08 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/13/2010 5:47:07 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/13/2010 6:47:07 PM | Computer Name = SCREENING | Source = Google Update | ID = 20
Description =

Error - 05/19/2010 8:56:10 AM | Computer Name = SCREENING | Source = MsiInstaller | ID = 11706
Description = Product: 7.0 Millennium -- Error 1706.No valid source could be found
for product 7.0 Millennium. The Windows Installer cannot continue.

Error - 05/19/2010 8:56:29 AM | Computer Name = SCREENING | Source = MsiInstaller | ID = 11706
Description = Product: 7.0 Millennium -- Error 1706.No valid source could be found
for product 7.0 Millennium. The Windows Installer cannot continue.

Error - 05/19/2010 9:01:56 AM | Computer Name = SCREENING | Source = MsiInstaller | ID = 11706
Description = Product: 7.0 Millennium -- Error 1706.No valid source could be found
for product 7.0 Millennium. The Windows Installer cannot continue.

Error - 05/19/2010 9:02:29 AM | Computer Name = SCREENING | Source = MsiInstaller | ID = 11706
Description = Product: 7.0 Millennium -- Error 1706.No valid source could be found
for product 7.0 Millennium. The Windows Installer cannot continue.

[ OSession Events ]
Error - 01/04/2010 9:30:29 PM | Computer Name = SCREENING | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 281
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/23/2010 3:30:29 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:34 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:34 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:34 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:34 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:40 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:30:40 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 05/23/2010 3:41:33 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/23/2010 3:42:50 PM | Computer Name = SCREENING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/23/2010 3:43:57 PM | Computer Name = SCREENING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm


< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm458YYUS&ptb=4hbprXFHwjgD1W.b0lX8vw&psa=&ind=2010050911&ptnrS=ZUxdm458YYUS&si=&st=kwd&n=77cef15f&searchfor="
    [2010/05/23 10:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\hbjldthno
    
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

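A check a defender can run over an OTL log for the three indicators the fix above targets (an IE proxy forced to a local port, Firefox search prefs pointing at MyWebSearch, and a random-looking folder under Local Settings\Application Data). This is an added example, not part of the thread and not OTL's own code; the sample lines are copied from the logs in this thread, with the keyword.URL query string trimmed, and the "random name" test is a crude heuristic for manual review.

```python
"""Flag proxy/search hijack indicators in OTL log lines (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample: the entries the fix removed (before) and the
# corresponding lines from the Run 2 log posted after the fix (after).
BEFORE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r'FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"',
    r'FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml"',
    r'[2010/05/23 10:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\hbjldthno',
]
AFTER_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =',
    r'FF - prefs.js..browser.search.selectedEngine: ""',
    r'FF - prefs.js..browser.startup.homepage: "http://www.google.com"',
    r'[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Mozilla',
]

# OTL line shapes handled here: IE "Internet Settings" values, Firefox
# prefs.js values, and directory entries (the ---D attribute column).
IE_RE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<name>[^"]+)" = ?(?P<value>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[^:]+): "(?P<value>[^"]*)"$')
DIR_RE = re.compile(r'^\[.*\| ---D \| [CM]\] -- (?P<path>.+)$')


def is_local_proxy(server):
    """True if any entry of a ProxyServer value (e.g. 'http=127.0.0.1:5555',
    possibly several separated by ';') points at the loopback address."""
    for entry in server.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        _, _, hostport = entry.rpartition("=")      # drop optional "http=" prefix
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def looks_random(name):
    """Heuristic: 8+ lowercase letters with few vowels, like 'hbjldthno'.
    Legitimate names can trip this; treat hits as candidates to review."""
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.3


def scan_otl_lines(lines):
    """Return (category, detail) findings for a list of OTL log lines."""
    ie_settings = {}
    findings = []
    for raw in lines:
        line = raw.strip()
        m = IE_RE.match(line)
        if m and m.group("key").endswith("Internet Settings"):
            ie_settings[m.group("name")] = m.group("value").strip()
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.group("pref"), m.group("value")
            if pref == "browser.search.selectedEngine" and value.lower() == "mywebsearch":
                findings.append(("firefox-search", f"{pref} set to {value!r}"))
            elif pref == "keyword.URL":
                host = urlsplit(value).hostname or ""
                if host == "mywebsearch.com" or host.endswith(".mywebsearch.com"):
                    findings.append(("firefox-search", f"{pref} points at {host}"))
            continue
        m = DIR_RE.match(line)
        if m:
            path = m.group("path")
            parent, _, leaf = path.rpartition("\\")
            if parent.lower().endswith(r"\local settings\application data") and looks_random(leaf):
                findings.append(("suspicious-folder", path))
    # The proxy check needs both values, so it runs after the pass.
    if ie_settings.get("ProxyEnable") == "1" and is_local_proxy(ie_settings.get("ProxyServer", "")):
        findings.append(("local-proxy", f"ProxyServer = {ie_settings['ProxyServer']}"))
    return findings


if __name__ == "__main__":
    for label, lines in (("before fix", BEFORE_LINES), ("after fix", AFTER_LINES)):
        print(label, scan_otl_lines(lines) or "no findings")
```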

#8
yeschiro

    Member

  • Topic Starter
  • Member
  • 58 posts
OTL logfile created on: 05/23/2010 4:50:43 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rob Berube\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,012.00 Mb Total Physical Memory | 779.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 94.74 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCREENING
Current User Name: Rob Berube
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
PRC - [2010/05/23 15:53:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
PRC - [2010/04/04 09:19:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
MOD - [2008/04/14 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 22:49:49 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/27 17:31:08 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/03/14 02:21:31 | 006,039,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/14 02:21:16 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 19:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/24 21:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002/03/04 19:56:42 | 000,019,212 | ---- | M] (SRS Medical Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SRSMED.sys -- (SrsMed)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 08:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 08:34:08 | 000,000,000 | ---D | M]

[2010/03/03 14:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Extensions
[2010/05/22 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions
[2010/03/03 15:06:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/10 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\[email protected]
[2010/05/12 12:29:34 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\searchplugins\mywebsearch.xml
[2010/03/03 13:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/23 16:46:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1045 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24cac43c-4554-11de-af07-00234e77df51}\Shell\AutoRun\command - "" = D:\AllTool.exe -- File not found
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell - "" = AutoRun
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 16:46:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/23 15:53:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:42 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Desktop\gmer
[2010/05/23 14:01:11 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/04/21 21:52:42 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/04/21 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/04/21 21:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/21 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/21 21:17:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/21 21:16:47 | 000,000,000 | ---D | C] -- C:\94ac2787f184ac4d83469b2e6e
[2010/04/21 08:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/21 08:39:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/21 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Apple Computer
[2010/04/21 08:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/21 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 08:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/21 08:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple Computer
[2010/04/20 21:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/04/20 20:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/04/20 20:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/04/20 20:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/04/20 20:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/04/20 19:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/20 19:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/20 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/04/20 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/20 19:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/06 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Docs
[2010/03/17 20:35:59 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/17 20:35:29 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/17 20:34:47 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Drivers
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Mozilla
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla
[2010/03/03 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/02 22:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Google Talk Received Files
[2010/02/28 22:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/02/28 16:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Malwarebytes
[2010/02/28 16:23:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 16:23:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 13:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Temp
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/02/28 13:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Sony
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/02/28 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/28 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/02/28 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup

========== Files - Modified Within 90 Days ==========

[2010/05/23 16:51:35 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 16:51:35 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 16:51:35 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 16:47:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 16:46:45 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\NTUSER.DAT
[2010/05/23 16:46:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob Berube\ntuser.ini
[2010/05/23 16:46:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 15:41:32 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\IconCache.db
[2010/05/23 15:27:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 15:13:14 | 000,080,216 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 15:11:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 15:11:01 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 14:04:13 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/05/23 14:00:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/05/23 13:47:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 19:44:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 21:27:51 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 06:20:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/21 21:52:33 | 000,001,059 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:29:17 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/21 21:24:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Windows Media Player.lnk
[2010/04/21 21:19:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/21 21:19:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/21 21:19:30 | 000,000,565 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 21:18:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/21 21:17:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/20 20:35:29 | 001,731,130 | ---- | M] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 19:54:09 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/14 02:21:43 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/14 02:21:23 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:21:04 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/03/14 02:19:46 | 000,231,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/14 02:19:46 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/14 02:19:46 | 000,000,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/03/14 02:19:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/02/28 22:42:27 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk

========== Files Created - No Company Name ==========

[2010/05/23 14:04:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/04/21 21:52:33 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:21:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/04/21 21:17:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/21 21:14:19 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Application Data\BBMS_EXCEPTION.txt
[2010/04/20 20:35:29 | 001,731,130 | ---- | C] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 20:12:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/20 19:54:09 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/17 20:36:05 | 000,231,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/17 20:36:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/17 20:36:05 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/03/01 09:36:52 | 000,142,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/28 22:42:27 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/01/10 23:13:57 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/09 15:05:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/10 17:24:15 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/10 17:24:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/15 16:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 12:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 01:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/08/06 11:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/13 11:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 18:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 10:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 05:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 05:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 05:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 05:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010/04/20 19:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/13 11:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/28 13:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/21 21:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\BitTorrent
[2010/04/20 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/01/10 23:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\FreeAudioPack
[2009/10/07 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\InterVideo
[2010/01/30 18:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/07/18 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\OpenOffice.org
[2010/02/28 18:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/04/21 21:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/02/28 13:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/05/14 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony Online Entertainment

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >


Can I start up in regular mode to see if there is still an issue?

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, please run this in normal mode.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/05/12 12:29:34 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\searchplugins\mywebsearch.xml
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#10
yeschiro

    Member

  • Topic Starter
  • Member
  • 58 posts
No popups/warnings yet. Here is the log:

OTL logfile created on: 05/23/2010 7:15:55 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rob Berube\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,012.00 Mb Total Physical Memory | 666.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 94.62 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 386.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCREENING
Current User Name: Rob Berube
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 19:15:43 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Rob Berube\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/05/20 11:43:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/06/04 21:10:02 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008/05/22 15:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 03:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
MOD - [2008/04/14 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 22:49:49 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/27 17:31:08 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/03/14 02:21:31 | 006,039,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/14 02:21:16 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 19:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/24 21:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002/03/04 19:56:42 | 000,019,212 | ---- | M] (SRS Medical Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SRSMED.sys -- (SrsMed)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 08:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 08:34:08 | 000,000,000 | ---D | M]

[2010/03/03 14:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Extensions
[2010/05/22 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions
[2010/03/03 15:06:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/10 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\[email protected]
[2010/03/03 13:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/23 19:14:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Rob Berube\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1045 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24cac43c-4554-11de-af07-00234e77df51}\Shell\AutoRun\command - "" = D:\AllTool.exe -- File not found
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell - "" = AutoRun
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{edd81858-51c1-11de-8cb8-00234e77df51}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 16:46:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/23 15:53:52 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:42 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Desktop\gmer
[2010/05/23 14:01:11 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/04/21 21:52:42 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/04/21 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/04/21 21:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/21 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/21 21:17:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/21 21:16:47 | 000,000,000 | ---D | C] -- C:\94ac2787f184ac4d83469b2e6e
[2010/04/21 08:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/21 08:39:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/21 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Apple Computer
[2010/04/21 08:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/21 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 08:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/21 08:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/21 08:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Apple Computer
[2010/04/20 21:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/04/20 20:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/04/20 20:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/04/20 20:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/04/20 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/04/20 20:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/04/20 19:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/20 19:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/20 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/04/20 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/20 19:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/06 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Docs
[2010/03/17 20:35:59 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/17 20:35:29 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/17 20:34:47 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Drivers
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Mozilla
[2010/03/03 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Mozilla
[2010/03/03 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/02 22:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\My Documents\Google Talk Received Files
[2010/02/28 22:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/02/28 16:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Malwarebytes
[2010/02/28 16:23:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 16:23:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 16:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 13:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Temp
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2010/02/28 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/02/28 13:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\Sony
[2010/02/28 13:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/02/28 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/02/28 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/02/28 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup

========== Files - Modified Within 90 Days ==========

[2010/05/23 19:15:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 19:15:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 19:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 19:15:26 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 19:14:44 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\NTUSER.DAT
[2010/05/23 19:14:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob Berube\ntuser.ini
[2010/05/23 19:14:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/23 19:13:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 17:35:00 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 17:35:00 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/23 17:35:00 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/23 15:53:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTL.com
[2010/05/23 15:53:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\OTH.scr
[2010/05/23 15:41:32 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\IconCache.db
[2010/05/23 15:13:14 | 000,080,216 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 15:11:01 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 14:04:13 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/05/23 14:00:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Berube\Desktop\TFC.exe
[2010/05/21 19:44:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 21:27:51 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 06:20:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/21 21:52:33 | 000,001,059 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:29:17 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/21 21:24:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Windows Media Player.lnk
[2010/04/21 21:19:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/21 21:19:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/21 21:19:30 | 000,000,565 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 21:18:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/21 21:17:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/20 20:35:29 | 001,731,130 | ---- | M] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 19:54:09 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/14 02:21:43 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/14 02:21:23 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/14 02:21:05 | 001,691,480 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/03/14 02:21:04 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/03/14 02:19:46 | 000,231,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/14 02:19:46 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/14 02:19:46 | 000,000,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010/03/14 02:19:46 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/03/14 02:19:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/02/28 22:42:27 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk

========== Files Created - No Company Name ==========

[2010/05/23 17:29:55 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/23 14:04:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\gmer.zip
[2010/04/21 21:52:33 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\WinX Free MOV to MP4 Converter.lnk
[2010/04/21 21:21:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/04/21 21:17:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/21 21:14:19 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Application Data\BBMS_EXCEPTION.txt
[2010/04/20 20:35:29 | 001,731,130 | ---- | C] () -- C:\Documents and Settings\Rob Berube\My Documents\LoaderBackup-(2010-04-20).ipd
[2010/04/20 20:12:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/20 19:54:09 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/17 20:36:05 | 000,231,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/03/17 20:36:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/03/17 20:36:05 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/03/03 16:54:24 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/03 14:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/03 13:59:38 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:55 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\Google Talk Received Files.lnk
[2010/03/01 09:36:52 | 000,142,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/28 22:42:27 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Rob Berube\Desktop\GoldWave.lnk
[2010/02/28 16:23:05 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 13:27:01 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 8.0.lnk
[2010/01/10 23:13:57 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/09 15:05:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/10 17:24:15 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/10 17:24:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/15 16:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 12:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 01:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/08/06 11:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/13 11:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 18:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 10:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 05:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 05:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 05:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 05:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010/04/20 19:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/13 11:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/28 13:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/21 21:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\BitTorrent
[2010/04/20 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Blackberry Desktop
[2010/01/10 23:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\FreeAudioPack
[2009/10/07 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\InterVideo
[2010/01/30 18:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/07/18 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\OpenOffice.org
[2010/02/28 18:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Publish Providers
[2010/04/21 21:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Research In Motion
[2010/02/28 13:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony
[2010/05/14 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Berube\Application Data\Sony Online Entertainment

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

#11
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Looks OK - could you now run MBAM in normal mode please and post the resultant log :)

#12
yeschiro
    Member
  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Couldn't run MBAM due to a vbAccelerator SGrid II Control Run-time error '0' and Malwarebytes Anti-Malware run-time error '440' Automation error.

Reinstalled MBAM, got the same errors but was able to run scan.

Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4132

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/24/2010 9:46:36 AM
mbam-log-2010-05-24 (09-46-36).txt

Scan type: Quick scan
Objects scanned: 129490
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK that tells me where to go next :)

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#14
yeschiro
    Member
  • Topic Starter
  • Member
  • PipPip
  • 58 posts
ComboFix 10-05-22.03 - Rob Berube 05/24/2010 10:24:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.483 [GMT -4:00]
Running from: c:\documents and settings\Rob Berube\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rob Berube\Application Data\Microsoft\HTML Help\hh.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-23 23:28 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-23 23:28 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-23 23:28 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-23 23:28 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-23 23:28 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-23 23:28 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-23 23:28 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-23 23:28 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-23 23:28 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-23 23:27 . 2010-05-23 23:27 -------- d-----w- c:\program files\Alwil Software
2010-05-23 23:27 . 2010-05-23 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-23 20:46 . 2010-05-23 20:46 -------- d-----w- C:\_OTL
2010-05-23 14:55 . 2010-05-23 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-23 14:55 . 2010-05-23 14:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 13:37 . 2010-02-28 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 19:13 . 2009-06-05 08:05 80216 ----a-w- c:\documents and settings\Rob Berube\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 01:35 . 2009-07-09 14:30 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\BitTorrent
2010-05-14 22:39 . 2010-01-17 20:12 246073 ----a-w- c:\documents and settings\Rob Berube\Application Data\Sony Online Entertainment\npsoeact.dll
2010-05-14 22:39 . 2010-01-17 20:12 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\Sony Online Entertainment
2010-04-29 19:39 . 2010-02-28 20:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-02-28 20:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 01:59 . 2010-01-24 04:45 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\vlc
2010-04-22 01:58 . 2010-02-28 17:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-22 01:52 . 2010-04-22 01:52 -------- d-----w- c:\program files\Digiarty
2010-04-22 01:29 . 2010-04-21 00:12 256 ----a-w- c:\windows\system32\pool.bin
2010-04-22 01:19 . 2010-04-22 01:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-22 01:14 . 2010-04-21 00:12 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\Research In Motion
2010-04-21 12:34 . 2010-04-21 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-21 12:32 . 2010-04-21 12:32 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\Apple Computer
2010-04-21 12:21 . 2010-04-21 12:20 -------- d-----w- c:\program files\QuickTime
2010-04-21 12:20 . 2010-04-21 12:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-21 12:20 . 2010-04-21 12:20 -------- d-----w- c:\program files\Apple Software Update
2010-04-21 12:20 . 2010-04-21 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-21 01:09 . 2010-04-21 01:09 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\Blackberry Desktop
2010-04-21 00:04 . 2009-06-05 08:05 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\InstallShield
2010-04-21 00:04 . 2010-04-21 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-21 00:04 . 2010-04-21 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-21 00:02 . 2010-04-20 23:54 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-21 00:01 . 2010-04-21 00:01 -------- d-----w- c:\program files\Roxio
2010-04-21 00:01 . 2010-04-21 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-21 00:01 . 2010-04-21 00:01 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-21 00:01 . 2008-08-15 17:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-20 23:55 . 2010-04-20 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-04-20 23:55 . 2010-04-20 23:53 -------- d-----w- c:\program files\Research In Motion
2010-04-20 23:54 . 2010-04-20 23:53 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-04-05 04:52 . 2009-06-05 21:09 -------- d-----w- c:\documents and settings\Rob Berube\Application Data\U3
2010-03-21 15:00 . 2009-11-11 03:42 79488 ----a-w- c:\documents and settings\Rob Berube\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-14 06:19 . 2008-03-05 10:07 838176 ----a-w- c:\windows\RtlExUpd.dll
2010-03-14 06:19 . 2010-03-18 00:36 520 ----a-w- c:\windows\system32\drivers\RTEQEX2.dat
2010-03-14 06:19 . 2010-03-18 00:36 231056 ----a-w- c:\windows\system32\drivers\RTConvEQ.dat
2010-03-14 06:19 . 2010-03-18 00:36 1352 ----a-w- c:\windows\system32\drivers\RtHdatEx.dat
2010-03-14 06:19 . 2008-06-06 14:08 672 ----a-w- c:\windows\system32\drivers\SamSfPa.dat
2010-03-14 06:19 . 2007-07-13 06:11 8 ----a-w- c:\windows\system32\drivers\rtkhdaud.dat
2010-03-14 06:19 . 2005-06-26 21:29 520 ----a-w- c:\windows\system32\drivers\RTEQEX0.dat
2010-03-14 06:19 . 2005-06-26 21:29 520 ----a-w- c:\windows\system32\drivers\RTEQEX1.dat
2010-03-10 06:15 . 2008-05-09 10:53 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:49 . 2010-03-11 02:16 3862528 ----a-w- c:\documents and settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-03-03 18:00 . 2010-03-03 18:00 0 ----a-w- c:\windows\nsreg.dat
2010-03-01 13:36 . 2010-03-01 13:36 142448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-25 06:24 . 2007-08-14 01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-15 03:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2010-03-14 59936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-27 30192]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-05 148888]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-14 18789920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Rob Berube\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-8 576000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-3 113664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"<NO NAME>"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/23/2010 7:28 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/23/2010 7:28 PM 19024]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 12:01 PM 151936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2010 4:32 PM 135664]
S2 SrsMed;SRS Medical BioData Processing System Driver - SrsMed.sys;c:\windows\system32\drivers\SRSMED.sys [06/04/2009 2:06 PM 19212]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/17/2010 8:34 PM 1691480]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [05/20/2009 11:43 AM 30192]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/20/2009 11:45 AM 96856]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:32]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\Rob Berube\Application Data\Mozilla\Firefox\Profiles\cvd5etbe.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 10:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-05-24 10:34:49
ComboFix-quarantined-files.txt 2010-05-24 14:34

Pre-Run: 101,034,745,856 bytes free
Post-Run: 100,998,246,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EB5F780EDED9AD316A07A3604AA91D1B

#15
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
How is your computer running now?

We will need to re-register a few MBAM files

Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):


regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
Once you've done that click on File and select Save As...
In the Save dialogue box click on the drop down menu next to Save as type and select All Files
Name the file MBAM Fix.bat (the .bat extension is very important)
Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
Click OK to each of the 3 dialog boxes that should show a success message for each file registered
If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy it from another computer running the same operating system and service pack level.
If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.
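As an added example (not part of Essexboy's post or of Malwarebytes' own tooling), the same three registrations written as a batch file that first performs the REGSVR32.EXE check described above, confirms each MBAM file is actually present before trying to register it, and reports regsvr32's exit code per file, so a failed registration is visible in one console window rather than across three dialog boxes. The install path and file names are the ones given in the post; the `/s` switch (which replaces the success dialogs with the echoed result) and the exit-code handling are choices made here.

```batch
@echo off
rem Added example, not from the original post: register the MBAM COM files
rem with existence checks for regsvr32.exe and each DLL/OCX, and report the
rem result of every registration from regsvr32's exit code.
setlocal EnableDelayedExpansion

set "MBAMDIR=C:\Program Files\Malwarebytes' Anti-Malware"
set "REGSVR=%WINDIR%\SYSTEM32\regsvr32.exe"

rem The troubleshooting step from the post: regsvr32.exe must be in SYSTEM32.
if not exist "%REGSVR%" (
    echo ERROR: %REGSVR% not found.
    echo Copy it from a machine with the same Windows version and service pack, then rerun.
    exit /b 1
)

set FAILED=0
for %%F in (mbamext.dll ssubtmr6.dll vbalsgrid6.ocx) do (
    if not exist "%MBAMDIR%\%%F" (
        echo MISSING: "%MBAMDIR%\%%F" - reinstall MBAM before registering
        set FAILED=1
    ) else (
        rem /s suppresses the success dialog; the exit code still signals failure.
        "%REGSVR%" /s "%MBAMDIR%\%%F"
        if !errorlevel! neq 0 (
            echo FAILED: %%F ^(regsvr32 exit code !errorlevel!^)
            set FAILED=1
        ) else (
            echo OK: %%F registered
        )
    )
)

if %FAILED% neq 0 (
    echo One or more files did not register. Try installing the Visual Basic common controls.
    exit /b 1
)
echo All MBAM files registered.
endlocal
```

Save it with a .bat extension as in the post and run it the same way (double-click on XP, Run as administrator on Vista); a non-zero exit code from the script means at least one file was missing or failed to register.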