Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

fake antivirus program virus: "antivirus software alert"

Started by syrope2 , Nov 30 2010 01:22 PM

  • This topic is locked This topic is locked

#1
syrope2
Posted 30 November 2010 - 01:22 PM

syrope2

    New Member

  • Member
  • Pip
  • 5 posts
I had to kill a couple "not usually listed in here" processes to get it to go away long enough for me to run OTL (they are not steady, they are just letters and numbers in random configurations as far as I can tell), so I'm not sure if this log is actually helpful as is. I can try to restart & run OTL in the brief minutes before it blocks files, if you think that would offer better information.

Backstory: about Thanksgiving or the day after, I got Avast warnings about a virus, so I said "move to chest" & figured no big deal, if Avast catches it it's usually fine. I did "Move to chest" twice and then this red box came up in the lower corner for "antivirus software alert" and I started getting pop ups about "cannot run this .exe as it is infected, click here to buy our antivirus software". Every browser took me to "this page is infected" but I disabled the proxy redirect and was able to search the net again, and I've been able to make the fake shield icon in the task tray (& the pop ups) disappear by killing suspiciously named processes (trial and error, really), though I'm afraid to put my passwords in anywhere until this computer boots clean. I've run Spybot, SpyWareBlaster, MalwareBytes, and SuperAntiSpyware but all it's removed are some cookies.

Please help, I got laid off last week and NEED this computer to function so I can get started on a job search. Bad timing for malware infestation! Please let me know if you need any additional info to start diagnosing

OTL logfile created on: 11/30/2010 2:03:13 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 427.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.70 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 94.95 Gb Total Space | 4.32 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OLEBLUE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 14:02:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2010/11/25 20:51:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/30 15:39:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/30 15:39:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/26 11:04:48 | 000,215,552 | ---- | M] () -- C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- D:\Corel\Paint Shop Pro\CorelIOMonitor.exe
PRC - [2008/08/08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/22 11:52:54 | 000,075,584 | ---- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/07/27 21:16:46 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) -- d:\oracle\ora92\bin\oracle.exe
PRC - [2002/04/27 01:31:00 | 000,577,536 | ---- | M] () -- d:\oracle\ora92\bin\isqlplus
PRC - [2002/04/18 21:40:28 | 000,020,547 | ---- | M] () -- D:\oracle\ora92\jdk\bin\java.exe


========== Modules (SafeList) ==========

MOD - [2010/11/30 14:02:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe -- (eac_productsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_notifysvc.dll -- (eac_notifysvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/24 19:33:24 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92/bin/pagntsrv.exe -- (OracleOraHome92PagingServer)
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServicePROJEMP)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServiceDHARRIS)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2002/04/26 19:34:34 | 000,266,192 | ---- | M] () [Auto | Stopped] -- D:\oracle\ora92\BIN\TNSLSNR.exe -- (OracleOraHome92TNSListener)
SRV - [2002/04/26 17:29:26 | 000,028,944 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\oracle\ora92\bin\agntsrvc.exe -- (OracleOraHome92Agent)
SRV - [2002/04/18 22:02:56 | 000,004,096 | ---- | M] () [Auto | Stopped] -- D:\oracle\ora92\Apache\Apache\apache.exe -- (OracleOraHome92HTTPServer)
SRV - [2002/02/13 08:23:20 | 000,187,392 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\encsvc.exe -- (OracleOraHome92SNMPPeerEncapsulator)
SRV - [2002/02/13 08:23:18 | 000,254,464 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\agntsvc.exe -- (OracleOraHome92SNMPPeerMasterAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ADSFilter.sys -- (ADSFilter) ADSFilter - (Aluria Filter Driver)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/16 11:25:34 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/07/31 20:14:41 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/17 22:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311)
DRV - [2003/02/12 06:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 05:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/05 18:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/05/07 08:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.netflix.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.527
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 15:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 13:15:48 | 000,000,000 | ---D | M]

[2008/07/06 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions
[2010/11/06 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/03 12:31:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 00:46:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 14:30:26 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/10/19 11:42:08 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/04/19 08:57:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/05/23 18:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2006/11/04 08:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2010/10/19 11:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 15:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/03/30 14:30:15 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/11/06 08:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\[email protected]
[2010/11/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/14 20:05:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/15 19:41:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] D:\Corel\Paint Shop Pro\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [vqtefyrw] C:\DOCUME~1\Owner\LOCALS~1\Temp\dweqlrgds\chhqwaytsbl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.co...ll/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook....b?1265827816000 (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetu...ader_200909.cab (MeetUploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.wcpss.net/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (AutoFix Launcher Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/05 13:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 14:02:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/27 13:39:35 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/22 09:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Corel Auto-Preserve
[2010/11/21 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fall 2010
[2010/11/21 17:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nov2010
[2010/11/17 12:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Carsie Blanton

========== Files - Modified Within 30 Days ==========

[2010/11/30 14:02:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/30 13:36:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 13:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003UA.job
[2010/11/30 04:36:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/29 18:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003Core.job
[2010/11/29 13:47:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:46:06 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/29 13:37:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 13:34:54 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/29 13:34:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 13:41:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/27 13:39:40 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/26 01:34:06 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk
[2010/11/26 00:44:32 | 020,332,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:29 | 000,033,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/24 01:37:07 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/22 09:50:51 | 001,081,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/22 07:45:26 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 13:03:40 | 000,044,371 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.pdf
[2010/11/21 13:03:02 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.doc
[2010/11/20 19:50:51 | 000,109,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:36 | 000,062,170 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:44:50 | 162,387,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:14:46 | 000,045,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 15:14:12 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 14:43:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 10:50:18 | 000,007,498 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:47 | 000,070,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:41 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:41 | 000,070,195 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/09 09:26:19 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 09:26:19 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:54:19 | 057,340,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:22 | 000,034,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:55 | 000,052,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg

========== Files Created - No Company Name ==========

[2010/11/29 13:49:47 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:49:45 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/27 13:41:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 00:43:56 | 020,332,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:28 | 000,033,460 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/22 07:50:11 | 001,081,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/20 19:50:44 | 000,109,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:32 | 000,062,170 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:11:45 | 162,387,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:04:13 | 000,045,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 14:43:52 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 14:41:29 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 10:50:17 | 000,007,498 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:46 | 000,070,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:40 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:40 | 000,070,195 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/08 01:51:22 | 057,340,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:21 | 000,034,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:46 | 000,052,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg
[2010/07/12 13:28:30 | 000,000,017 | ---- | C] () -- C:\Program Files\Common Files\winafx.log
[2010/02/22 15:28:33 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/30 08:17:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/18 11:29:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/18 11:29:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/22 23:08:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/05/27 18:16:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/05/16 11:25:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 11:25:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 11:25:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 11:25:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/16 11:25:47 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/10 00:45:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/10 00:42:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2007/08/01 23:19:46 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/22 13:20:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/07/20 22:47:13 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/03 20:43:48 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/02/03 19:33:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/02/03 14:54:07 | 000,001,428 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
[2007/02/03 14:54:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/02 19:01:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/12/24 15:12:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\RATS.INI
[2006/11/26 20:00:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/11/05 23:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 20:53:56 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 20:53:44 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 20:52:06 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/05/14 16:00:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/09 20:41:06 | 000,000,330 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2006/02/24 15:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/01/16 09:56:17 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/30 01:11:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2005/12/27 10:28:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/09/05 20:40:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/05 13:58:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/05 12:27:02 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/05 11:29:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2005/09/05 06:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== LOP Check ==========

[2006/07/11 05:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/03/30 08:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eAcceleration
[2010/01/22 09:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/12/10 00:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/18 00:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/10/05 13:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2007/07/26 09:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/06/18 09:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/02/03 19:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/11/27 01:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/09 19:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/01 19:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2006/07/31 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
[2009/12/08 21:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/10/26 00:30:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2007/07/22 20:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.gaim
[2010/11/27 00:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple
[2008/07/13 12:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/11/18 11:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braid
[2007/07/27 09:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/10/07 15:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1
[2009/05/19 21:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Crayon Physics Deluxe
[2007/02/03 20:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deskPDF
[2010/11/29 13:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2009/03/30 08:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eAcceleration
[2009/08/27 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Eyeblaster
[2010/03/04 17:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/05/05 13:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Audio Editor
[2010/06/01 13:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/05/05 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Get from YouTube
[2009/09/25 14:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/06/22 23:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/07/10 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/07/21 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/03/31 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
[2009/09/17 13:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Photozig Albums
[2009/02/18 10:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pingus
[2007/07/26 09:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2006/03/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Registry Booster(2)
[2006/06/07 20:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScamBlocker
[2007/02/03 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2008/12/04 14:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE
[2008/07/09 07:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2007/03/19 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/04/21 15:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2007/12/09 19:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements

#2
SweetTech
Posted 30 November 2010 - 05:55 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [vqtefyrw] C:\DOCUME~1\Owner\LOCALS~1\Temp\dweqlrgds\chhqwaytsbl.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook....b?1265827816000 (Reg Error: Key error.)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cf - No CLSID value found
:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.



NEXT:


OTL Custom Scan

  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
syrope2
Posted 30 November 2010 - 11:12 PM

syrope2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi SweetTech! So glad to hear from you :D

Here's the OTL Fix log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vqtefyrw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
C:\WINDOWS\Downloaded Program Files\axfbootloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Starting removal of ActiveX control {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
C:\WINDOWS\Downloaded Program Files\Setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
File Protocol\Handler\cf - No CLSID value found not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6531588 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 455652318 bytes
->Temporary Internet Files folder emptied: 338213373 bytes
->Java cache emptied: 107438 bytes
->FireFox cache emptied: 67274262 bytes
->Flash cache emptied: 120986 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 885022 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26488128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 93946 bytes

Total Files Cleaned = 854.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11302010_190008

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_40c.dat moved successfully.

Registry entries deleted on Reboot...


---------------------

And the GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-30 23:48:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y120P0 rev.YAR41BW0
Running: gd03gjxo.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pfldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF32076B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3207574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3207A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF320714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF320764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF320708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF32070F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF320776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF320772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF32078AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3315620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5B0A360, 0x372FAD, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF59E4F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3820] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[480] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[480] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


And the results of the OTL custom scan, OTL first, then Extras:

OTL logfile created on: 11/30/2010 11:54:48 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 3.73 Gb Free Space | 19.08% Space Free | Partition Type: NTFS
Drive D: | 94.95 Gb Total Space | 4.32 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OLEBLUE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 23:52:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/25 20:51:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/30 15:39:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/26 11:04:48 | 000,215,552 | ---- | M] () -- C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- D:\Corel\Paint Shop Pro\CorelIOMonitor.exe
PRC - [2008/08/08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/22 11:52:54 | 000,075,584 | ---- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/07/27 21:16:46 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/14 11:32:18 | 000,450,560 | ---- | M] () -- C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
PRC - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) -- d:\oracle\ora92\bin\oracle.exe
PRC - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) -- D:\oracle\ora92\bin\omtsreco.exe
PRC - [2002/04/27 01:31:00 | 000,577,536 | ---- | M] () -- d:\oracle\ora92\bin\isqlplus
PRC - [2002/04/18 22:02:56 | 000,004,096 | ---- | M] () -- D:\oracle\ora92\Apache\Apache\Apache.exe
PRC - [2002/04/18 21:40:28 | 000,020,547 | ---- | M] () -- D:\oracle\ora92\jdk\bin\java.exe


========== Modules (SafeList) ==========

MOD - [2010/11/30 23:52:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/21 18:35:52 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2009/12/08 20:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/06/05 22:36:04 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\msvcp71.dll
MOD - [2008/06/05 22:36:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\msvcr71.dll
MOD - [2008/04/13 19:11:51 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe -- (eac_productsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_notifysvc.dll -- (eac_notifysvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/24 19:33:24 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92/bin/pagntsrv.exe -- (OracleOraHome92PagingServer)
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServicePROJEMP)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServiceDHARRIS)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- D:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2002/04/26 19:34:34 | 000,266,192 | ---- | M] () [Auto | Stopped] -- D:\oracle\ora92\BIN\TNSLSNR.exe -- (OracleOraHome92TNSListener)
SRV - [2002/04/26 17:29:26 | 000,028,944 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\oracle\ora92\bin\agntsrvc.exe -- (OracleOraHome92Agent)
SRV - [2002/04/18 22:02:56 | 000,004,096 | ---- | M] () [Auto | Running] -- D:\oracle\ora92\Apache\Apache\apache.exe -- (OracleOraHome92HTTPServer)
SRV - [2002/02/13 08:23:20 | 000,187,392 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\encsvc.exe -- (OracleOraHome92SNMPPeerEncapsulator)
SRV - [2002/02/13 08:23:18 | 000,254,464 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\agntsvc.exe -- (OracleOraHome92SNMPPeerMasterAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ADSFilter.sys -- (ADSFilter) ADSFilter - (Aluria Filter Driver)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/16 11:25:34 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/07/31 20:14:41 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/17 22:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311)
DRV - [2003/02/12 06:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 05:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/05 18:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/05/07 08:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.netflix.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.527
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 15:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 13:15:48 | 000,000,000 | ---D | M]

[2008/07/06 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions
[2010/11/06 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/03 12:31:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 00:46:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 14:30:26 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/10/19 11:42:08 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/04/19 08:57:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/05/23 18:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2006/11/04 08:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2010/10/19 11:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 15:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/03/30 14:30:15 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/11/06 08:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\[email protected]
[2010/11/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/14 20:05:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/11/30 19:00:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] D:\Corel\Paint Shop Pro\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.co...ll/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetu...ader_200909.cab (MeetUploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.wcpss.net/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (AutoFix Launcher Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/05 13:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 23:52:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/30 19:00:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/30 14:02:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/27 13:39:35 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/22 09:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Corel Auto-Preserve
[2010/11/21 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fall 2010
[2010/11/21 17:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nov2010
[2010/11/17 12:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Carsie Blanton

========== Files - Modified Within 30 Days ==========

[2010/11/30 23:52:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/30 23:36:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 23:09:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003UA.job
[2010/11/30 19:15:29 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gd03gjxo.exe
[2010/11/30 19:09:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 19:07:24 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/30 19:07:03 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/30 19:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 19:00:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/30 18:09:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003Core.job
[2010/11/30 14:02:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/29 13:47:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:46:06 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/27 13:41:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/27 13:39:40 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/26 01:34:06 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk
[2010/11/26 00:44:32 | 020,332,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:29 | 000,033,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/24 01:37:07 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/22 09:50:51 | 001,081,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/22 07:45:26 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 13:03:40 | 000,044,371 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.pdf
[2010/11/21 13:03:02 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.doc
[2010/11/20 19:50:51 | 000,109,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:36 | 000,062,170 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:44:50 | 162,387,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:14:46 | 000,045,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 15:14:12 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 14:43:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 10:50:18 | 000,007,498 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:47 | 000,070,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:41 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:41 | 000,070,195 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/09 09:26:19 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 09:26:19 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:54:19 | 057,340,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:22 | 000,034,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:55 | 000,052,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg

========== Files Created - No Company Name ==========

[2010/11/30 19:15:32 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gd03gjxo.exe
[2010/11/29 13:49:47 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:49:45 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/27 13:41:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 00:43:56 | 020,332,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:28 | 000,033,460 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/22 07:50:11 | 001,081,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/20 19:50:44 | 000,109,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:32 | 000,062,170 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:11:45 | 162,387,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:04:13 | 000,045,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 14:43:52 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 14:41:29 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 10:50:17 | 000,007,498 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:46 | 000,070,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:40 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:40 | 000,070,195 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/08 01:51:22 | 057,340,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:21 | 000,034,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:46 | 000,052,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg
[2010/07/12 13:28:30 | 000,000,017 | ---- | C] () -- C:\Program Files\Common Files\winafx.log
[2010/02/22 15:28:33 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/30 08:17:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/18 11:29:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/18 11:29:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/22 23:08:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/05/27 18:16:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/05/16 11:25:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 11:25:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 11:25:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 11:25:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/16 11:25:47 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/10 00:45:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/10 00:42:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2007/08/01 23:19:46 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/22 13:20:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/07/20 22:47:13 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/03 20:43:48 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/02/03 19:33:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/02/03 14:54:07 | 000,001,428 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
[2007/02/03 14:54:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/02 19:01:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/12/24 15:12:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\RATS.INI
[2006/11/26 20:00:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/11/05 23:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 20:53:56 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 20:53:44 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 20:52:06 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/05/14 16:00:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/09 20:41:06 | 000,000,330 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2006/02/24 15:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/01/16 09:56:17 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/30 01:11:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2005/12/27 10:28:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/09/05 20:40:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/05 13:58:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/05 12:27:02 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/05 11:29:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2005/09/05 06:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 11/30/2010 11:54:48 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 3.73 Gb Free Space | 19.08% Space Free | Partition Type: NTFS
Drive D: | 94.95 Gb Total Space | 4.32 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OLEBLUE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "D:\Corel\Paint Shop Pro\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\oracle\ora92\Apache\Apache\Apache.exe" = D:\oracle\ora92\Apache\Apache\Apache.exe:*:Enabled:Apache -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{471B83B9-29D8-41EC-9974-56BB8A457A8B}" = EPSON Stylus CX4400 Series Scanner Driver Update
"{4C05DD50-676B-37FC-01B4-76B616EB1D65}" = SocialSafe
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
"avast!" = avast! Antivirus
"Blaze Media Pro" = Blaze Media Pro
"Canon MP160 User Registration" = Canon MP160 User Registration
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CCleaner" = CCleaner (remove only)
"Citrix ICA Client" = Citrix ICA Client
"com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1" = SocialSafe
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 3.0
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"DellSupport" = Dell Support 5.0.0 (630)
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Digsby" = Digsby
"EA Download Manager" = EA Download Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Falco GIF Animator_is1" = Falco GIF Animator 2.0
"Free Audio Editor" = Free Audio Editor
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"Free Studio_is1" = Free Studio version 4.3
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.4
"GIF Animator" = Microsoft GIF Animator
"Google Chrome Frame" = Google Chrome Frame
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"Hoyle Board Games 3" = Hoyle Board Games 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Movies" = Movies
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA Drivers" = NVIDIA Drivers
"Photozig Albums_is1" = Photozig Albums 1.0
"Pidgin" = Pidgin
"Pingus" = Pingus
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealArcade" = RealArcade
"Silent Package Run-Time Sample" = EPSON CX4400 Series User's Guide
"splash" = Splash
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Steam App 26810" = Braid Demo
"Steam App 3480" = Peggle Deluxe
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Video to GIF Converter_is1" = Video to GIF Converter 4.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/12/2009 3:55:48 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 10.nds failed, 0000A413.

Error - 6/12/2009 3:55:49 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 10.sav failed, 0000A413.

Error - 6/12/2009 3:55:52 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 11.nds failed, 0000A413.

Error - 6/12/2009 3:56:39 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Death Jr and the Science Fair of Doom.sav failed, 0000A413.

Error - 6/12/2009 3:56:43 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Death Jr and the Science Fair of Doom.sav failed, 0000A413.

Error - 6/12/2009 3:57:40 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Chameleon To Die For.nds failed, 0000A413.

Error - 6/12/2009 3:57:48 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Chameleon To Die For.SAV failed, 0000A413.

Error - 6/12/2009 3:57:55 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Chameleon To Die For.nds failed, 0000A413.

Error - 6/12/2009 3:57:55 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Chameleon To Die For.SAV failed, 0000A413.

Error - 12/15/2009 12:11:23 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5DEX3B9M\left_disabled[2]
failed, 00000005.

[ Application Events ]
Error - 11/29/2010 9:43:23 AM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 11/29/2010 2:35:44 PM | Computer Name = OLEBLUE | Source = Apache Service | ID = 3299
Description = The Apache service named OracleOraHome92HTTPServer reported the following
error: >>> [Mon Nov 29 13:35:44 2010] [warn] pid file d:/oracle/ora92/apache/apache/logs/httpd.pid
overwritten -- Unclean shutdown of previous Apache run? <<< before the error.log
file could be opened. More information may be available in the error.log file.
.

Error - 11/29/2010 2:35:49 PM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 11/29/2010 2:35:57 PM | Computer Name = OLEBLUE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/30/2010 3:03:09 PM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.scr, version 3.2.17.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2010 8:08:00 PM | Computer Name = OLEBLUE | Source = Apache Service | ID = 3299
Description = The Apache service named apache.exe reported the following error: >>>
[Tue Nov 30 19:08:00 2010] [warn] pid file d:/oracle/ora92/apache/apache/logs/httpd.pid
overwritten -- Unclean shutdown of previous Apache run? <<< before the error.log
file could be opened. More information may be available in the error.log file.
.

Error - 11/30/2010 8:08:04 PM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 11/30/2010 8:08:23 PM | Computer Name = OLEBLUE | Source = Application Error | ID = 1000
Description = Faulting application agntsrvc.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/1/2010 12:53:58 AM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application digsby-app.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 12:53:59 AM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application digsby-app.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/30/2010 8:10:13 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/30/2010 8:10:48 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 11/30/2010 8:10:48 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/30/2010 8:11:28 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 11/30/2010 8:11:28 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/30/2010 8:12:00 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 11/30/2010 8:12:00 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/30/2010 8:12:30 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 11/30/2010 8:12:30 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/30/2010 8:13:12 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


Thank you!
  • 0

#4
SweetTech
Posted 01 December 2010 - 01:12 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

How are things running?

Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#5
syrope2
Posted 01 December 2010 - 11:45 PM

syrope2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I just tried a reboot to see if the offending pop-ups and things came around, and they didn't. I notice that SUPERAntiSpyware launches on startup now, and stays open...is that what it's supposed to do? In that case it looks like it's all fixed?

I installed java successfully, and here are the logs:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/1/2010 3:38:11 PM
mbam-log-2010-12-01 (15-38-11).txt

Scan type: Quick scan
Objects scanned: 144325
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------

ESETScan found this:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir Win32/Olmarik.ZC trojan

-------------------------------------------------


Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
ESET Online Scanner v3
avast! successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 22
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.1
Japanese Fonts Support For Adobe Reader 9
Mozilla Firefox (3.6.12)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
  • 0

#6
SweetTech
Posted 02 December 2010 - 10:48 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

We will deal with the file that ESET Online Scanner found shortly.

Your copy of Spybot seems to be outdated. I suggest you upgrade it to the latest version.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Custom Scan


  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#7
syrope2
Posted 02 December 2010 - 01:34 PM

syrope2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Alright, updated spybot & adobe; here are my logs


OTL logfile created on: 12/2/2010 2:19:44 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 3.62 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive D: | 94.95 Gb Total Space | 4.32 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OLEBLUE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/02 14:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/29 10:42:56 | 000,339,344 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
PRC - [2010/11/25 20:51:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/30 15:39:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/26 11:04:48 | 000,215,552 | ---- | M] () -- C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- D:\Corel\Paint Shop Pro\CorelIOMonitor.exe
PRC - [2008/08/08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/22 11:52:54 | 000,075,584 | ---- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/07/27 21:16:46 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/14 11:32:18 | 000,450,560 | ---- | M] () -- C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
PRC - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) -- d:\oracle\ora92\bin\oracle.exe
PRC - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) -- D:\oracle\ora92\bin\omtsreco.exe
PRC - [2002/04/27 01:31:00 | 000,577,536 | ---- | M] () -- d:\oracle\ora92\bin\isqlplus
PRC - [2002/04/18 22:02:56 | 000,004,096 | ---- | M] () -- D:\oracle\ora92\Apache\Apache\Apache.exe
PRC - [2002/04/18 21:40:28 | 000,020,547 | ---- | M] () -- D:\oracle\ora92\jdk\bin\java.exe


========== Modules (SafeList) ==========

MOD - [2010/12/02 14:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/08 20:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
MOD - [2008/06/05 22:36:04 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\msvcp71.dll
MOD - [2008/06/05 22:36:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\msvcr71.dll
MOD - [2008/04/13 19:11:51 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe -- (eac_productsvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_notifysvc.dll -- (eac_notifysvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Running] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/31 01:21:44 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/24 19:33:24 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92/bin/pagntsrv.exe -- (OracleOraHome92PagingServer)
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServicePROJEMP)
SRV - [2002/05/14 09:25:36 | 029,475,088 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\ora92\bin\ORACLE.EXE -- (OracleServiceDHARRIS)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- D:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2002/04/26 19:34:34 | 000,266,192 | ---- | M] () [Auto | Stopped] -- D:\oracle\ora92\BIN\TNSLSNR.exe -- (OracleOraHome92TNSListener)
SRV - [2002/04/26 17:29:26 | 000,028,944 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\oracle\ora92\bin\agntsrvc.exe -- (OracleOraHome92Agent)
SRV - [2002/04/18 22:02:56 | 000,004,096 | ---- | M] () [Auto | Running] -- D:\oracle\ora92\Apache\Apache\apache.exe -- (OracleOraHome92HTTPServer)
SRV - [2002/02/13 08:23:20 | 000,187,392 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\encsvc.exe -- (OracleOraHome92SNMPPeerEncapsulator)
SRV - [2002/02/13 08:23:18 | 000,254,464 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\ora92\bin\agntsvc.exe -- (OracleOraHome92SNMPPeerMasterAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ADSFilter.sys -- (ADSFilter) ADSFilter - (Aluria Filter Driver)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/16 11:25:34 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/07/31 20:14:41 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/17 22:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311)
DRV - [2003/02/12 06:16:10 | 000,389,504 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/10/08 05:03:15 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/06/05 18:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/05/07 08:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.netflix.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.527
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/02 14:13:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/02 14:17:22 | 000,000,000 | ---D | M]

[2008/07/06 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/02 14:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions
[2010/11/06 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/03 12:31:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 00:46:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 14:30:26 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/10/19 11:42:08 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/04/19 08:57:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/05/23 18:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2006/11/04 08:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2010/10/19 11:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 15:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/12/02 14:14:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/30 14:30:15 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/11/06 08:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\51sijzh6.default\extensions\[email protected]
[2010/12/02 14:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/14 20:05:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/01 15:23:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/01 15:22:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/11/30 19:00:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] D:\Corel\Paint Shop Pro\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.co...ll/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetu...ader_200909.cab (MeetUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://domino5.wcpss.net/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (AutoFix Launcher Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/05 13:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/12/02 14:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/12/01 15:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/01 15:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/01 15:23:00 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/01 15:23:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/01 15:22:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/01 15:22:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/01 15:22:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/01 14:41:19 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u22-windows-i586.exe
[2010/11/30 23:52:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/30 19:00:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/30 14:02:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/27 13:39:35 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/22 09:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Corel Auto-Preserve
[2010/11/21 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fall 2010
[2010/11/21 17:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nov2010
[2010/11/17 12:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Carsie Blanton

========== Files - Modified Within 30 Days ==========

[2010/12/02 14:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/02 14:17:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/02 14:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003UA.job
[2010/12/02 13:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/02 04:36:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 00:42:23 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/02 00:40:57 | 000,869,086 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2010/12/01 18:09:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-823518204-682003330-1003Core.job
[2010/12/01 15:47:35 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/01 15:22:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/01 15:22:43 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/01 15:22:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/01 15:22:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/01 15:22:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/01 15:19:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/01 15:17:37 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/01 15:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 14:41:41 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u22-windows-i586.exe
[2010/11/30 19:15:29 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gd03gjxo.exe
[2010/11/30 19:00:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/30 14:02:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 13:47:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:46:06 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/27 13:41:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/27 13:39:40 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/11/26 01:34:06 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 01:34:06 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\digsby.lnk
[2010/11/26 00:44:32 | 020,332,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:29 | 000,033,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/24 01:37:07 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/22 09:50:51 | 001,081,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/22 07:45:26 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 13:03:40 | 000,044,371 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.pdf
[2010/11/21 13:03:02 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume.doc
[2010/11/20 19:50:51 | 000,109,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:36 | 000,062,170 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:44:50 | 162,387,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:14:46 | 000,045,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 15:14:12 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 14:43:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 10:50:18 | 000,007,498 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:47 | 000,070,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:41 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:41 | 000,070,195 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/09 09:26:19 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 09:26:19 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:54:19 | 057,340,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:22 | 000,034,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:55 | 000,052,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg

========== Files Created - No Company Name ==========

[2010/12/02 14:17:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/12/02 00:40:59 | 000,869,086 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2010/12/01 15:45:30 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/11/30 19:15:32 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gd03gjxo.exe
[2010/11/29 13:49:47 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/11/29 13:49:45 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/11/27 13:41:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/26 01:34:06 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Digsby.lnk
[2010/11/26 00:43:56 | 020,332,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\digsby_setup85.exe
[2010/11/25 23:18:28 | 000,033,460 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SF17-4697.jpg
[2010/11/22 07:50:11 | 001,081,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_9162.jpg
[2010/11/20 19:50:44 | 000,109,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\worstmovies.jpg
[2010/11/20 02:47:32 | 000,062,170 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\987bcg.jpg
[2010/11/15 14:11:45 | 162,387,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Girl_Talk_-_All_Day_(IA123)_mp3s.zip
[2010/11/10 15:04:13 | 000,045,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_Nov2010.pdf
[2010/11/10 14:43:52 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_ta.doc
[2010/11/10 14:41:29 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_long.doc
[2010/11/10 10:50:17 | 000,007,498 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0.jpg
[2010/11/10 09:57:46 | 000,070,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\102262957-1289401062.pdf
[2010/11/09 16:14:40 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AmandaHarris_Resume_withobj.doc
[2010/11/09 11:32:40 | 000,070,195 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\349160586-1289320380.pdf
[2010/11/08 01:51:22 | 057,340,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Magnetic_Fields_-_Holiday.zip
[2010/11/03 19:52:56 | 000,033,042 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HH.jpg
[2010/11/03 19:15:22 | 000,041,466 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\73917_10100297633397103_2203241_60407953_2840374_n.jpg
[2010/11/03 14:39:21 | 000,034,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\76657_10100297633701493_2203241_60407962_1347482_n.jpg
[2010/11/03 14:38:46 | 000,052,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\149800_10100297646106633_2203241_60408215_7122618_n.jpg
[2010/07/12 13:28:30 | 000,000,017 | ---- | C] () -- C:\Program Files\Common Files\winafx.log
[2010/02/22 15:28:33 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/30 08:17:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/18 11:29:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/18 11:29:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/22 23:08:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/05/27 18:16:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/05/16 11:25:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 11:25:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 11:25:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 11:25:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/16 11:25:47 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/10 00:45:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/10 00:42:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2007/08/01 23:19:46 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/22 13:20:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/07/20 22:47:13 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/03 20:43:48 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/02/03 19:33:46 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/02/03 14:54:07 | 000,001,428 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
[2007/02/03 14:54:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/02 19:01:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/12/24 15:12:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\RATS.INI
[2006/11/26 20:00:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/11/05 23:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 20:53:56 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 20:53:44 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 20:52:06 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/05/14 16:00:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/09 20:41:06 | 000,000,330 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2006/02/24 15:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/01/16 09:56:17 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/30 01:11:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2005/12/27 10:28:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/09/05 20:40:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/05 13:58:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/05 12:27:02 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/05 11:29:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2005/09/05 06:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 12/2/2010 2:19:44 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 3.62 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive D: | 94.95 Gb Total Space | 4.32 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OLEBLUE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "D:\Corel\Paint Shop Pro\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\oracle\ora92\Apache\Apache\Apache.exe" = D:\oracle\ora92\Apache\Apache\Apache.exe:*:Enabled:Apache -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{471B83B9-29D8-41EC-9974-56BB8A457A8B}" = EPSON Stylus CX4400 Series Scanner Driver Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C05DD50-676B-37FC-01B4-76B616EB1D65}" = SocialSafe
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
"avast!" = avast! Antivirus
"Blaze Media Pro" = Blaze Media Pro
"Canon MP160 User Registration" = Canon MP160 User Registration
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CCleaner" = CCleaner (remove only)
"Citrix ICA Client" = Citrix ICA Client
"com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1" = SocialSafe
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 3.0
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"DellSupport" = Dell Support 5.0.0 (630)
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"Digsby" = Digsby
"EA Download Manager" = EA Download Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Falco GIF Animator_is1" = Falco GIF Animator 2.0
"Free Audio Editor" = Free Audio Editor
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"Free Studio_is1" = Free Studio version 4.3
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.4
"GIF Animator" = Microsoft GIF Animator
"Google Chrome Frame" = Google Chrome Frame
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"Hoyle Board Games 3" = Hoyle Board Games 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Movies" = Movies
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA Drivers" = NVIDIA Drivers
"Photozig Albums_is1" = Photozig Albums 1.0
"Pidgin" = Pidgin
"Pingus" = Pingus
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealArcade" = RealArcade
"Silent Package Run-Time Sample" = EPSON CX4400 Series User's Guide
"splash" = Splash
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Steam App 26810" = Braid Demo
"Steam App 3480" = Peggle Deluxe
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Video to GIF Converter_is1" = Video to GIF Converter 4.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/12/2009 3:55:48 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 10.nds failed, 0000A413.

Error - 6/12/2009 3:55:49 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 10.sav failed, 0000A413.

Error - 6/12/2009 3:55:52 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Puzzle Series 11.nds failed, 0000A413.

Error - 6/12/2009 3:56:39 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Death Jr and the Science Fair of Doom.sav failed, 0000A413.

Error - 6/12/2009 3:56:43 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Death Jr and the Science Fair of Doom.sav failed, 0000A413.

Error - 6/12/2009 3:57:40 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Chameleon To Die For.nds failed, 0000A413.

Error - 6/12/2009 3:57:48 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\Chameleon To Die For.SAV failed, 0000A413.

Error - 6/12/2009 3:57:55 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Chameleon To Die For.nds failed, 0000A413.

Error - 6/12/2009 3:57:55 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Chameleon To Die For.SAV failed, 0000A413.

Error - 12/15/2009 12:11:23 PM | Computer Name = HOME-4419E0A31C | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5DEX3B9M\left_disabled[2]
failed, 00000005.

[ Application Events ]
Error - 11/30/2010 3:03:09 PM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.scr, version 3.2.17.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2010 8:08:00 PM | Computer Name = OLEBLUE | Source = Apache Service | ID = 3299
Description = The Apache service named apache.exe reported the following error: >>>
[Tue Nov 30 19:08:00 2010] [warn] pid file d:/oracle/ora92/apache/apache/logs/httpd.pid
overwritten -- Unclean shutdown of previous Apache run? <<< before the error.log
file could be opened. More information may be available in the error.log file.
.

Error - 11/30/2010 8:08:04 PM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 11/30/2010 8:08:23 PM | Computer Name = OLEBLUE | Source = Application Error | ID = 1000
Description = Faulting application agntsrvc.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/1/2010 12:53:58 AM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application digsby-app.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 12:53:59 AM | Computer Name = OLEBLUE | Source = Application Hang | ID = 1002
Description = Hanging application digsby-app.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 3:29:33 PM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 12/1/2010 3:29:46 PM | Computer Name = OLEBLUE | Source = Application Error | ID = 1000
Description = Faulting application agntsrvc.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/1/2010 4:18:31 PM | Computer Name = OLEBLUE | Source = OracleOraHome92Agent | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 12/1/2010 4:19:01 PM | Computer Name = OLEBLUE | Source = Application Error | ID = 1000
Description = Faulting application agntsrvc.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/2/2010 3:07:45 PM | Computer Name = OLEBLUE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >




Thank you!
  • 0

#8
SweetTech
Posted 02 December 2010 - 01:39 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have graet built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#9
syrope2
Posted 02 December 2010 - 01:59 PM

syrope2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 12022010_144258


Thanks so much! Good to close :D
  • 0

#10
SweetTech
Posted 02 December 2010 - 02:11 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP