
Computer keeps freezing & XP won't upgrade to SP3



#1
tuxedobob

  • Member
  • 64 posts
Help, my computer is a Compaq desktop approx 6 years old, running Windows XP SP2. It keeps locking up. A few months ago an old iPod crashed it and I had to rebuild it. Since then it's been up and down; it was running well, but this week it keeps freezing and I've had to force it to shut down twice. Since I rebuilt it, it won't let me upgrade it to SP3, so it's still on SP2. Also, my BitDefender antivirus, which I just renewed approximately 10 days ago, is also not running properly. It will run about halfway through a full scan and then it has an error message. BitDefender still hasn't gotten back to me on that. I'm not sure if these issues are all linked.

Anything you can do to help will be really, really, really appreciated.
Best
Bob


OTL logfile created on: 11/7/2010 10:11:15 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.72 Gb Total Space | 16.84 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.11% Space Free | Partition Type: FAT32
Drive M: | 931.51 Gb Total Space | 439.21 Gb Free Space | 47.15% Space Free | Partition Type: NTFS

Computer Name: STEFCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe (SaveTubeVideo Company)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Iomega\QuikProtect\QuikProtect.exe (Iomega Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (QPCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender)
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows ® Win 7 DDK provider)
DRV - (Bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BdRawPr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll (Search Engines Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/10/11 22:14:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/11 22:14:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/10/28 08:40:30 | 000,000,000 | ---D | M]

[2010/09/06 20:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 19:16:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/02/13 03:08:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShowBarObj Class) - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Result Optimizator) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll (Search Engines Ltd.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Save Tube Video) - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll (Save Tube Video Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = C:\hp\region\CustAtStartUp.wsf File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.cinta...perSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 03:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell - "" = AutoRun
O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
O33 - MountPoints2\{869b75e7-878f-11df-9b23-00112f53b45b}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{869b75e7-878f-11df-9b23-00112f53b45b}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 21:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SaveTubeVideo
[2010/11/07 20:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\SaveTubeVideo.com
[2010/11/07 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/11/07 02:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\QuickScan
[2010/11/07 00:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/11/07 00:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/11/07 00:09:33 | 000,462,112 | ---- | C] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2010/11/07 00:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2010/11/05 20:58:23 | 000,019,384 | R--- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
[2010/10/28 08:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2010/10/28 08:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2010/10/28 07:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2010/10/28 07:49:22 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/10/28 07:42:31 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/10/28 07:42:22 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/10/24 09:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/10/24 00:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aiseesoft Studio
[2010/10/24 00:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2010/09/07 21:12:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 21:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3561450365-182108941-2358072378-1003UA.job
[2010/11/07 21:25:51 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/11/07 21:25:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 21:25:33 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 20:31:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/11/07 20:26:51 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3838025260-2590624847-291429827-1003UA.job
[2010/11/07 16:01:47 | 000,005,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2010/11/07 12:57:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/07 04:41:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3561450365-182108941-2358072378-1003Core.job
[2010/11/07 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/07 00:09:37 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2010/11/07 00:09:37 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube Downloader.lnk
[2010/11/06 22:25:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3838025260-2590624847-291429827-1003Core.job
[2010/11/06 09:22:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/06 06:26:43 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/11/06 06:26:43 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 20:58:00 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Iomega QuikProtect.lnk
[2010/11/03 14:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/01 21:10:40 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/10/31 13:02:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\imblacklist.dat
[2010/10/28 08:43:43 | 000,509,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/10/28 08:41:26 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2010/10/28 07:51:08 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/10/24 18:02:36 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/24 00:10:52 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Aiseesoft iPad Converter Suite.lnk
[2010/10/23 22:19:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/16 12:56:42 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon.url
[2010/10/11 22:14:01 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/11 22:08:36 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/11 22:08:36 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[249 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 20:31:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/11/07 15:59:19 | 000,005,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2010/11/07 00:09:37 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2010/11/07 00:09:37 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube Downloader.lnk
[2010/11/07 00:09:36 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon.url
[2010/11/05 20:58:00 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Iomega QuikProtect.lnk
[2010/10/31 13:02:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2010/10/28 08:41:26 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2010/10/28 07:42:12 | 000,509,056 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/10/11 22:20:46 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/11 22:14:01 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/11 22:08:36 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/11 22:08:36 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/09 08:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pe.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ft99.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cp.ini
[2010/09/07 21:12:43 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2010/09/07 21:12:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/07 21:12:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/07 21:12:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/06/21 00:25:53 | 000,000,237 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/06/21 00:25:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/06/08 17:41:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/05 19:38:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QPy0u
[2010/02/11 19:48:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2009/10/25 08:48:46 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/13 19:55:13 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast_state.xml
[2009/07/28 20:44:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2009/06/15 20:08:52 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/06/13 18:01:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/12/21 17:14:32 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/28 12:06:48 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CM.Ini
[2007/05/05 22:56:38 | 000,000,222 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/11 09:44:42 | 000,066,048 | ---- | C] () -- C:\WINDOWS\cygz.dll
[2006/02/16 07:50:38 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/10/14 18:16:07 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/02/26 23:37:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OUTSTACKER.INI
[2005/02/25 14:59:10 | 000,002,873 | ---- | C] () -- C:\WINDOWS\Virtuosa.INI
[2005/02/22 22:56:43 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/10 23:25:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/10/18 21:44:52 | 000,000,048 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/10/18 21:44:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/10/10 17:59:45 | 000,000,066 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/09/26 00:12:30 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WSHORTEN.INI
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/11 11:24:46 | 000,007,845 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/09 21:08:35 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/08 19:54:07 | 000,000,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/08 19:54:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\FICFKHJJ.ini
[2004/09/05 12:48:17 | 000,010,611 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2004/09/05 12:47:52 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/29 18:03:05 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003378_.tmp.dll
[2004/04/29 16:06:53 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003346_.tmp.dll
[2004/04/03 03:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 02:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 02:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 19:17:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/02 19:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 19:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 19:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 05:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 04:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 04:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 03:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 03:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 03:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 03:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 03:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 01:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/01 18:57:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/24 02:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/30 15:00:00 | 000,000,299 | ---- | C] () -- C:\WINDOWS\LProS.ini

========== LOP Check ==========

[2009/01/18 00:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/09 09:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/24 10:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aiseesoft Studio
[2007/06/04 22:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/18 21:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/12/10 18:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/01/02 11:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CopyPod
[2009/04/10 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/12/21 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2006/01/21 23:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2005/12/19 22:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2010/07/20 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2007/10/17 13:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/11/08 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/02/22 22:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/21 13:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/09 09:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/09/02 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/12/12 20:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/06/11 07:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2008/01/01 15:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/19 21:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/03 09:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/03/18 20:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/18 12:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 19:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/18 09:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/31 15:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/11/27 13:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/01/22 03:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/10/28 08:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2008/12/31 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/06/07 12:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2008/08/05 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cynical Peak
[2010/05/16 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
[2008/01/28 12:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2010/11/07 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/05/22 10:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2008/10/18 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2010/10/24 00:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/03/07 19:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2005/12/05 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/11/25 17:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iPodtoComputer
[2010/05/11 19:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2004/09/05 21:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/01/19 16:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LegalSounds
[2010/09/08 20:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MoveFab
[2010/01/27 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mp3tag
[2005/12/21 21:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2010/08/21 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2007/02/04 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2008/02/08 18:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/10/17 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2010/09/09 08:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2007/02/04 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2010/10/28 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2008/11/22 14:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ransen Software
[2006/05/02 15:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Raptisoft
[2010/08/14 15:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Recordpad
[2004/04/02 20:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/08/18 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/06/11 07:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2007/02/04 13:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008/08/30 17:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tunebite
[2009/07/02 19:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/11/07 22:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/10/31 21:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/09/07 21:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/10/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/11/07 19:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/10/03 09:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WindSolutions
[2008/01/28 12:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Z-Firm LLC
[2010/07/15 23:02:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/11/07 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/17 13:50:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/08/27 21:55:36 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/28 08:38:48 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\獷楬汢捯污
[2010/10/28 08:38:48 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\獷楬汢捯污

< End of report >

Edited by tuxedobob, 11 November 2010 - 06:55 PM.


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello tuxedobob,

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
tuxedobob

Thanks so much for helping me here. I just did the malware scan and it came back with zero infections found. When I open a new window in IE it says C;\Program Files\Saveyoutubevideo.com\saveyoutubevideo\index.htm

Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5129

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/16/2010 5:58:17 PM
mbam-log-2010-11-16 (17-58-17).txt

Scan type: Quick scan
Objects scanned: 157355
Time elapsed: 19 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
emeraldnzl

Hello tuxedobob,

Firstly, please go to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

After that

  • C:\Program Files\Common Files\ZugoInstaller.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

When I open a new window in IE it says C;\Program Files\Saveyoutubevideo.com\saveyoutubevideo\index.htm


Yes, I was hoping MBAM would deal with that.

We will try another approach.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe (SaveTubeVideo Company)
    IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll (Search Engines Ltd.)
    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/10/11 22:14:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/11 22:14:39 | 000,000,000 | ---D | M]
    O2 - BHO: (ShowBarObj Class) - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll ()
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Search Result Optimizator) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll (Search Engines Ltd.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Save Tube Video) - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll (Save Tube Video Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell - "" = AutoRun
    O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{48644b2b-946e-11df-9b27-00112f53b45b}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
    O33 - MountPoints2\{869b75e7-878f-11df-9b23-00112f53b45b}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{869b75e7-878f-11df-9b23-00112f53b45b}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
When you return please post
  • Virscan report
  • OTL fix log
  • OTL scan log


#5
tuxedobob

I'm going to run the different scans but I don't have any programs called viewpoint etc. BTW, thanks for all your help here. I really appreciate it.

#6
tuxedobob

VirSCAN.org Scanned Report :
Scanned time : 2010/11/16 17:55:01 (CST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : ZugoInstaller.exe
File Size : 462112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 584475347a9a137177201c3bf06388d9
SHA1 : 9c287ea4d0d57aee5a188d9cd6b07c52856e50b5
Online report : http://virscan.org/r...5b03447bd8.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 5.0.0.20 | 20101117050518 | 2010-11-17 | 1.72 | -
AhnLab V3 | 2010.11.17.00 | 2010.11.17 | 2010-11-17 | 1.48 | -
AntiVir | 8.2.4.98 | 7.10.14.12 | 2010-11-16 | 0.47 | -
Antiy | 2.0.18 | 20101117.5675428 | 2010-11-17 | 0.22 | -
Arcavir | 2010 | 201011170600 | 2010-11-17 | 0.84 | -
Authentium | 5.1.1 | 201011161316 | 2010-11-16 | 1.40 | -
AVAST! | 4.7.4 | 101116-1 | 2010-11-16 | 0.23 | -
AVG | 8.5.850 | 271.1.1/3260 | 2010-11-16 | 4.77 | -
BitDefender | 7.90123.6253595 | 7.34689 | 2010-11-17 | 6.46 | -
ClamAV | 0.96.3 | 12270 | 2010-11-16 | 0.50 | -
Comodo | 4.0 | 6746 | 2010-11-16 | 1.44 | -
CP Secure | 1.3.0.5 | 2010.11.17 | 2010-11-17 | 0.09 | -
Dr.Web | 5.0.2.3300 | 2010.11.17 | 2010-11-17 | 12.30 | -
F-Prot | 4.4.4.56 | 20101116 | 2010-11-16 | 1.37 | -
F-Secure | 7.02.73807 | 2010.11.16.11 | 2010-11-16 | 14.89 | -
Fortinet | 4.2.249 | 12.577 | 2010-11-16 | 0.21 | -
GData | 21.1105/21.477 | 20101116 | 2010-11-16 | 8.64 | -
ViRobot | 20101116 | 2010.11.16 | 2010-11-16 | 0.37 | -
Ikarus | T3.1.32.15.0 | 2010.11.16.77178 | 2010-11-16 | 8.34 | -
JiangMin | 13.0.900 | 2010.11.16 | 2010-11-16 | 1.95 | -
Kaspersky | 5.5.10 | 2010.11.16 | 2010-11-16 | 2.63 | -
KingSoft | 2009.2.5.15 | 2010.11.16.17 | 2010-11-16 | 1.24 | -
McAfee | 5400.1158 | 6168 | 2010-11-15 | 19.57 | -
Microsoft | 1.6301 | 2010.11.16 | 2010-11-16 | 4.96 | -
Norman | 6.06.10 | 6.06.00 | 2010-11-15 | 16.02 | -
Panda | 9.05.01 | 2010.11.16 | 2010-11-16 | 2.31 | -
Trend Micro | 9.120-1004 | 7.626.15 | 2010-11-16 | 0.00 | -
Quick Heal | 11.00 | 2010.11.16 | 2010-11-16 | 2.17 | -
Rising | 20.0 | 22.74.00.01 | 2010-11-15 | 1.93 | -
Sophos | 3.13.1 | 4.59 | 2010-11-17 | 3.50 | -
Sunbelt | 3.9.2459.2 | 7329 | 2010-11-16 | 0.59 | Zugo Ltd (v)
Symantec | 1.3.0.24 | 20101116.004 | 2010-11-16 | 0.26 | -
nProtect | 20101116.01 | 9114634 | 2010-11-16 | 11.06 | -
The Hacker | 6.7.0.1 | v00085 | 2010-11-15 | 0.41 | -
VBA32 | 3.12.14.2 | 20101116.1005 | 2010-11-16 | 24.40 | -
VirusBuster | 4.5.11.10 | 10.130.22/2031769 | 2010-11-17 | 3.40 | -

#7
emeraldnzl

but I don't have any programs called viewpoint


This is what your log shows.

C:\Documents and Settings\All Users\Application Data\Viewpoint

I guess it might be an Add-on with Firefox... came bundled with something maybe. :D

We can fix it later, meantime I look forward to the OTL ones. ;)

#8
tuxedobob

I actually had uninstalled Firefox a while ago because it suddenly got really buggy. I switched to Chrome but then that also went south (God knows what I'm doing here but obviously it's not good), so I have uninstalled that.

Thanks for this,

Here is the OTL log
OTL logfile created on: 11/16/2010 7:49:58 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.72 Gb Total Space | 19.12 Gb Free Space | 17.75% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.11% Space Free | Partition Type: FAT32
Drive M: | 931.51 Gb Total Space | 434.13 Gb Free Space | 46.60% Space Free | Partition Type: NTFS

Computer Name: STEFCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Iomega\QuikProtect\QuikProtect.exe (Iomega Corporation)
PRC - C:\Program Files\AirVideoServer\AirVideoServer.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (QPCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows ® Win 7 DDK provider)
DRV - (Bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdrawpr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/11/12 19:25:05 | 000,000,000 | ---D | M]

[2010/09/06 20:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 19:16:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/11/12 17:59:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = C:\hp\region\CustAtStartUp.wsf File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.cinta...perSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 03:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 19:30:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/16 19:27:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/13 07:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bitdefender log
[2010/11/12 20:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2010/11/12 19:26:46 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/11/12 18:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
[2010/11/12 17:58:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/11 22:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Stefan 2010
[2010/11/07 21:32:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/07 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/07 21:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/07 02:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\QuickScan
[2010/11/07 00:09:33 | 000,462,112 | ---- | C] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2010/11/05 20:58:23 | 000,019,384 | R--- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
[2010/10/28 08:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2010/10/28 08:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2010/10/28 07:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2010/10/28 07:49:22 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/10/28 07:42:31 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/10/24 09:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/10/24 00:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aiseesoft Studio
[2010/10/24 00:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2010/09/07 21:12:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 19:44:22 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/11/16 19:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 19:44:08 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 19:27:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/16 18:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3561450365-182108941-2358072378-1003UA.job
[2010/11/16 17:37:02 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/16 17:37:02 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 12:56:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/16 04:41:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3561450365-182108941-2358072378-1003Core.job
[2010/11/16 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/14 08:47:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/13 20:40:23 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/12 20:54:03 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/12 19:53:36 | 000,002,887 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2010/11/12 19:28:17 | 000,519,954 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/11/12 19:25:25 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2010/11/12 18:23:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/11/12 17:59:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/11 21:14:07 | 000,119,403 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\K'naan album review.doc
[2010/11/11 21:13:24 | 000,119,403 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\K'naan album review.docx
[2010/11/11 20:19:35 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/11/11 20:19:35 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2010/11/11 20:19:35 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/11/11 20:19:35 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/11/10 14:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/10 07:34:31 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/11/07 22:30:09 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/07 20:31:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/11/05 20:58:00 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Iomega QuikProtect.lnk
[2010/10/31 13:02:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\imblacklist.dat
[2010/10/28 07:51:08 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/10/24 18:02:36 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/24 00:10:52 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Aiseesoft iPad Converter Suite.lnk
[2010/10/23 22:19:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/11/12 20:54:03 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/11 21:14:04 | 000,119,403 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\K'naan album review.doc
[2010/11/11 21:13:23 | 000,119,403 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\K'naan album review.docx
[2010/11/10 07:34:30 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
[2010/11/10 07:34:30 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk
[2010/11/07 20:31:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/11/07 15:59:19 | 000,002,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2010/11/05 20:58:00 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Iomega QuikProtect.lnk
[2010/10/31 13:02:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2010/10/28 08:41:26 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus Pro 2011.lnk
[2010/10/28 07:42:12 | 000,519,954 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/09 08:26:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pe.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ft99.ini
[2010/09/08 21:44:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cp.ini
[2010/09/07 21:12:43 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2010/09/07 21:12:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/07 21:12:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/07 21:12:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/21 00:25:53 | 000,000,237 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/06/21 00:25:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/06/08 17:41:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/05 19:38:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QPy0u
[2010/02/11 19:48:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2009/10/25 08:48:46 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/13 19:55:13 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast_state.xml
[2009/07/28 20:44:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2009/06/15 20:08:52 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/06/13 18:01:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/12/21 17:14:32 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/28 12:06:48 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CM.Ini
[2007/05/05 22:56:38 | 000,000,222 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/11 09:44:42 | 000,066,048 | ---- | C] () -- C:\WINDOWS\cygz.dll
[2006/02/16 07:50:38 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/10/14 18:16:07 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/02/26 23:37:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OUTSTACKER.INI
[2005/02/25 14:59:10 | 000,002,873 | ---- | C] () -- C:\WINDOWS\Virtuosa.INI
[2005/02/22 22:56:43 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/10 23:25:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/10/18 21:44:52 | 000,000,048 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/10/18 21:44:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/10/10 17:59:45 | 000,000,066 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/09/26 00:12:30 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WSHORTEN.INI
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/11 11:24:46 | 000,007,845 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/09 21:08:35 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/08 19:54:07 | 000,000,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/08 19:54:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\FICFKHJJ.ini
[2004/09/05 12:48:17 | 000,010,611 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2004/09/05 12:47:52 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/29 18:03:05 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003378_.tmp.dll
[2004/04/29 16:06:53 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003346_.tmp.dll
[2004/04/03 03:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 02:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 02:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 19:17:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/04/02 19:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 19:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 19:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 05:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 04:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 04:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 03:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 03:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 03:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 03:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 03:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 01:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/01 18:57:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/24 02:33:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/30 15:00:00 | 000,000,299 | ---- | C] () -- C:\WINDOWS\LProS.ini

========== Files - Unicode (All) ==========
[2010/10/28 08:38:48 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\獷楬汢捯污
[2010/10/28 08:38:48 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\獷楬汢捯污

< End of report >

#9
tuxedobob

  • Topic Starter
  • Member
  • 64 posts
Here is the fix log

OTL Extras logfile created on: 11/16/2010 7:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.72 Gb Total Space | 19.15 Gb Free Space | 17.78% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.11% Space Free | Partition Type: FAT32
Drive M: | 931.51 Gb Total Space | 434.13 Gb Free Space | 46.60% Space Free | Partition Type: NTFS

Computer Name: STEFCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Iomega\QuikProtect\QuikProtect.exe" = C:\Program Files\Iomega\QuikProtect\QuikProtect.exe:*:Enabled:QuikProtect -- (Iomega Corporation)
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe" = C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Antivirus Pro 2011
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0254DF9A-618A-4A2C-A5ED-FA7115988B02" = Word Symphony from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Air Video Server" = Air Video Server 2.2.7-update1
"Aiseesoft iPad Converter Suite_is1" = Aiseesoft iPad Converter Suite
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BitDefender" = BitDefender Antivirus Pro 2011
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Compaq Instant Support" = Compaq Instant Support
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"FBackup 4_is1" = FBackup 4
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA" =
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3" = VIA/S3G Display Driver
"Signature995" = Signature995
"Switch" = Switch Sound File Converter
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts

Here is the fix log


No, that is an Extras log, probably left over from when you first ran OTL. Good to have though. :D

As far as the fix log is concerned, don't worry, the new OTL scan shows it worked.

Now

Got another one to check.

  • C:\WINDOWS\FICFKHJJ.ini
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2007/10/19 21:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
When you come back please post
  • the Virscan report
  • OTL fix log
  • and tell me if the Saveyoutubevideo.com one has gone.


#11
tuxedobob

  • Topic Starter
  • Member
  • 64 posts
Hi,
I'm not sure what happened; however, I didn't get the logs. The virSCAN came back clean. However, an OTL log didn't get generated. The saveyoutubevideo is still there. I ran the OTL fix again but without the reboot. This is what came up:

========== OTL ==========
File C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll not found.
Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.

OTL by OldTimer - Version 3.2.17.3 log created on 11162010_212205

Edited by tuxedobob, 16 November 2010 - 08:21 PM.


#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • It will automatically remove any infection it finds.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


#13
tuxedobob

  • Topic Starter
  • Member
  • 64 posts
GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:32 on 16/11/2010 (Owner)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [00:16 21/08/2010]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [02:08 01/11/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [19:34 27/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [02:11 22/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [02:48 11/04/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [01:56 15/11/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [01:45 17/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\" [13:39 28/10/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:44 20/07/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:00 22/05/2010]

---------- Old Logs ----------

-=E.O.F=-

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Moving along.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    *SaveTubeVideo*
    :file
    *SaveTubeVideo*
    *SearchToolbar*
    :regfind
    SaveTubeVideo
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

#15
tuxedobob

  • Topic Starter
  • Member
  • 64 posts
SystemLook 04.09.10 by jpshortstuff
Log created at 21:49 on 16/11/2010 by Owner
Administrator - Elevation successful

No Context: *SaveTubeVideo*

========== file ==========

*SaveTubeVideo* - Unable to find/read file.

*SearchToolbar* - Unable to find/read file.

========== regfind ==========

Searching for "SaveTubeVideo"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="savetubevideo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47E792CF-0BBE-4F7A-859C-194B0768650A}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FLVSplitter.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8D27088-FF5F-4B7C-98DC-0E91A1696286}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\lame.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8D27089-FF5F-4B7C-98DC-0E91A1696286}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\lame.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8D2708A-FF5F-4B7C-98DC-0E91A1696286}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\lame.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9ECE7B3-1D8E-41F5-9F24-B255DF16C087}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FLVSplitter.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE69EDD1-F4CB-11D5-994A-000021D1FE2F}\InProcServer32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\lame.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7}\1.0\0\win32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7}\1.0\HELPDIR]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{70EF8B2A-3A34-4913-AAFC-5A2827E0B1B1}\1.0\0\win32]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{70EF8B2A-3A34-4913-AAFC-5A2827E0B1B1}\1.0\HELPDIR]
@="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\index.htm"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo"
[HKEY_USERS\S-1-5-21-3838025260-2590624847-291429827-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="savetubevideo"

-= EOF =-