
I need help removal of trojans worms



#1
Ilookdamgood

How do I remove Trojans and worms from my computer? Here is the report:

OTL logfile created on: 4/20/2011 8:30:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 28.91 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 11.48 Gb Total Space | 1.37 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 07:30:32 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\Guest\My Documents\Downloads\winlogon.exe.exe
PRC - [2011/04/20 01:08:44 | 000,344,064 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe
PRC - [2011/04/19 17:39:08 | 000,501,200 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/04/19 17:39:06 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/03/23 10:30:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 16:43:48 | 000,153,920 | ---- | M] (TuneUp360.com) -- C:\Program Files\TuneUp360\TuneUp360Mon.exe
PRC - [2009/10/03 08:03:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/27 18:31:34 | 000,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2006/05/09 15:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2006/05/09 15:09:32 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2006/03/16 00:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
MOD - [2009/10/03 08:04:28 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/11/23 16:43:48 | 000,153,920 | ---- | M] (TuneUp360.com) [Auto | Running] -- C:\Program Files\TuneUp360\TuneUp360Mon.exe -- (TuneUp360Mon)
SRV - [2007/08/29 15:15:04 | 000,230,760 | ---- | M] (Digital Business Processes) [Disabled | Stopped] -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe -- (NeatReceipts Database Controller)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 15:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/10/21 06:31:00 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/04/23 01:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/07/06 10:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 01:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 10:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/04/09 13:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/05/17 17:48:40 | 000,000,000 | ---D | M]

[2009/01/05 12:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2011/03/27 17:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions
[2010/05/17 18:22:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 16:57:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/05 21:32:21 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/06 14:30:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\searchplugins\ask.xml
[2011/03/21 22:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:13:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/12/06 20:10:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/03 08:04:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/11 11:10:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/03/16 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\StartUp\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: goldleafach.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} https://portal.globa.../plugins/VA.cab (M6 - VA Launcher)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} https://portal.globa...ns/VMPlayer.cab (M6 - VM Player Launcher)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 02:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/04/20 02:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/04/20 02:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/20 02:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\spotmau
[2011/04/20 02:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2011/04/20 02:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/04/20 02:10:54 | 000,380,224 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\TuneUp360.ocx
[2011/04/20 02:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp360
[2011/04/20 02:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp360
[2011/04/20 01:08:44 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe
[2011/04/19 17:38:56 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/21 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sammsoft
[2011/03/21 15:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/03/21 15:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2006/09/29 06:07:44 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 08:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job
[2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 08:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 02:26:21 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/20 02:23:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/20 02:23:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 02:23:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/20 02:22:57 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp360.lnk
[2011/04/20 02:10:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/19 17:38:56 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\ARO 2011.job
[2011/04/11 15:47:18 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 20:00:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - owner.job
[2011/04/08 10:46:12 | 002,972,436 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\MMS_Part_1.pdf
[2011/04/07 14:27:56 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/29 15:53:03 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Clean Registry for Free!.lnk
[2011/03/28 16:44:28 | 000,549,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 16:44:28 | 000,111,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 20:08:11 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/24 14:34:23 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Check PC For Errors.lnk
[2011/03/24 14:34:23 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/03/24 13:21:57 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Live PC Help.lnk
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 02:25:01 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/20 02:10:58 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp360.lnk
[2011/04/20 02:10:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/20 01:08:47 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 01:08:47 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/08 10:46:12 | 002,972,436 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\MMS_Part_1.pdf
[2011/03/29 15:53:03 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Clean Registry for Free!.lnk
[2011/03/24 13:21:57 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Live PC Help.lnk
[2011/03/21 15:53:49 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\ARO 2011.job
[2011/03/21 15:24:58 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Check PC For Errors.lnk
[2011/03/21 15:24:58 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2009/06/18 15:46:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/14 13:23:35 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/01/11 22:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2009/01/05 18:58:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/02/04 11:29:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VoissUtils.dll
[2008/01/08 01:11:42 | 000,000,341 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/15 19:10:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/14 20:58:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/17 14:06:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/12/19 02:05:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/02 17:01:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/29 06:07:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\HPWebcam.exe
[2006/09/29 06:03:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2006/08/07 17:37:22 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/07 17:32:59 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/07 17:32:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/07 17:18:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/07 17:06:22 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/20 01:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 01:58:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/20 01:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 01:58:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/20 01:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 01:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 01:58:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/20 01:58:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/20 01:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 06:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,549,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,111,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,425,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 14:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/02 15:24:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx80lc.ini
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/21 16:35:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini

========== LOP Check ==========

[2010/01/25 23:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/08/07 17:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/10/19 01:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/14 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
[2011/04/20 02:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2009/08/27 11:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/20 02:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/20 08:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2007/04/14 21:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/26 00:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/27 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Azureus
[2009/12/07 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/01/05 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Foxit
[2009/12/04 01:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2007/10/19 01:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\HotSync
[2006/12/08 14:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Leadertech
[2007/04/04 02:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\MSNInstaller
[2008/04/09 13:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Netscape
[2009/06/18 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Research In Motion
[2011/03/21 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Sammsoft
[2011/02/27 13:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ShoppingReport
[2011/02/27 13:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Smart-Shopper2
[2011/04/20 02:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\spotmau
[2009/10/03 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Template
[2007/04/14 21:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Viewpoint
[2006/11/26 00:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\WildTangent
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\ARO 2011.job
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\TuneUp360 Reminder.job
[2011/04/20 08:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job

========== Purity Check ==========



< End of report >

Edited by Ilookdamgood, 20 April 2011 - 06:41 AM.



#2
Ilookdamgood

I found a trojan on my computer. Can you help to remove it? This is the virus attack from: 76.113.59.176 port 40161
attacked port 58227
threat Trojan-sms.j2me.redbrowser.a. That report was from Microsoft security software.



OTL logfile created on: 4/20/2011 8:30:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 28.91 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 11.48 Gb Total Space | 1.37 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 07:30:32 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\Guest\My Documents\Downloads\winlogon.exe.exe
PRC - [2011/04/20 01:08:44 | 000,344,064 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe
PRC - [2011/04/19 17:39:08 | 000,501,200 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/04/19 17:39:06 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/03/23 10:30:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 16:43:48 | 000,153,920 | ---- | M] (TuneUp360.com) -- C:\Program Files\TuneUp360\TuneUp360Mon.exe
PRC - [2009/10/03 08:03:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/27 18:31:34 | 000,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2006/05/09 15:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2006/05/09 15:09:32 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2006/03/16 00:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
MOD - [2009/10/03 08:04:28 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/11/23 16:43:48 | 000,153,920 | ---- | M] (TuneUp360.com) [Auto | Running] -- C:\Program Files\TuneUp360\TuneUp360Mon.exe -- (TuneUp360Mon)
SRV - [2007/08/29 15:15:04 | 000,230,760 | ---- | M] (Digital Business Processes) [Disabled | Stopped] -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe -- (NeatReceipts Database Controller)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 15:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/10/21 06:31:00 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/04/23 01:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/07/06 10:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 01:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 10:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/04/09 13:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/05/17 17:48:40 | 000,000,000 | ---D | M]

[2009/01/05 12:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2011/03/27 17:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions
[2010/05/17 18:22:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 16:57:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/05 21:32:21 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/01/06 14:30:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\nvinqmee.default\searchplugins\ask.xml
[2011/03/21 22:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:13:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/12/06 20:10:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/03 08:04:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/11 11:10:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/03/16 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\StartUp\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: goldleafach.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} https://portal.globa.../plugins/VA.cab (M6 - VA Launcher)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} https://portal.globa...ns/VMPlayer.cab (M6 - VM Player Launcher)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d7875fc-6207-11df-aa81-0016368f84ae}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 02:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/04/20 02:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/04/20 02:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/20 02:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\spotmau
[2011/04/20 02:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2011/04/20 02:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/04/20 02:10:54 | 000,380,224 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\TuneUp360.ocx
[2011/04/20 02:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp360
[2011/04/20 02:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp360
[2011/04/20 01:08:44 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe
[2011/04/19 17:38:56 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/21 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Sammsoft
[2011/03/21 15:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/03/21 15:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2006/09/29 06:07:44 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 08:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job
[2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 08:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 02:26:21 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/20 02:23:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/20 02:23:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 02:23:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/20 02:22:57 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp360.lnk
[2011/04/20 02:10:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/19 17:38:56 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\ARO 2011.job
[2011/04/11 15:47:18 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 20:00:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - owner.job
[2011/04/08 10:46:12 | 002,972,436 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\MMS_Part_1.pdf
[2011/04/07 14:27:56 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/29 15:53:03 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Clean Registry for Free!.lnk
[2011/03/28 16:44:28 | 000,549,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 16:44:28 | 000,111,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 20:08:11 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/24 14:34:23 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Check PC For Errors.lnk
[2011/03/24 14:34:23 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/03/24 13:21:57 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Live PC Help.lnk
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 02:25:01 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/20 02:10:58 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp360.lnk
[2011/04/20 02:10:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/20 01:08:47 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/20 01:08:47 | 000,015,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/08 10:46:12 | 002,972,436 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\MMS_Part_1.pdf
[2011/03/29 15:53:03 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Clean Registry for Free!.lnk
[2011/03/24 13:21:57 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Live PC Help.lnk
[2011/03/21 15:53:49 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\ARO 2011.job
[2011/03/21 15:24:58 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Check PC For Errors.lnk
[2011/03/21 15:24:58 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2009/06/18 15:46:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/14 13:23:35 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/01/11 22:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2009/01/05 18:58:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/02/04 11:29:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VoissUtils.dll
[2008/01/08 01:11:42 | 000,000,341 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/15 19:10:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/14 20:58:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/17 14:06:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/12/19 02:05:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/02 17:01:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/29 06:07:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\HPWebcam.exe
[2006/09/29 06:03:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2006/08/07 17:37:22 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/07 17:32:59 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/07 17:32:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/07 17:18:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/07 17:06:22 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/20 01:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 01:58:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/20 01:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 01:58:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/20 01:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 01:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 01:58:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/20 01:58:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/20 01:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 06:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,549,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,111,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,425,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 14:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/02 15:24:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx80lc.ini
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/21 16:35:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini

========== LOP Check ==========

[2010/01/25 23:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/08/07 17:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/10/19 01:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/14 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
[2011/04/20 02:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2009/08/27 11:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/20 02:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/20 08:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2007/04/14 21:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/26 00:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/27 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Azureus
[2009/12/07 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/01/05 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Foxit
[2009/12/04 01:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2007/10/19 01:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\HotSync
[2006/12/08 14:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Leadertech
[2007/04/04 02:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\MSNInstaller
[2008/04/09 13:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Netscape
[2009/06/18 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Research In Motion
[2011/03/21 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Sammsoft
[2011/02/27 13:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ShoppingReport
[2011/02/27 13:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Smart-Shopper2
[2011/04/20 02:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\spotmau
[2009/10/03 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Template
[2007/04/14 21:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Viewpoint
[2006/11/26 00:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\WildTangent
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\ARO 2011.job
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\TuneUp360 Reminder.job
[2011/04/20 08:30:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job

========== Purity Check ==========



< End of report >

Edited by Ilookdamgood, 20 April 2011 - 08:55 AM.

#3
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello Ilookdamgood and welcome to GeeksToGo :D

I'm Homburg and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

#4
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi Ilookdamgood,

When you ran OTL it should have put a log called extras.txt in the same place as the OTL.txt. Please post it in your next reply.

I can see you have or previously have had Norton and McAfee installed. Please tell me what you use for a Firewall and AntiVirus.

========
Step 1
========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{2142250b-4fa0-11db-bf8d-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe" -a "%1" %* (Microsoft Corporation)
    [2011/04/20 01:08:44 | 000,344,064 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe
    [2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
    [2011/04/20 08:23:43 | 000,015,670 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Guest\My Documents\Downloads\winlogon.exe.exe
    C:\Documents and Settings\owner\Local Settings\Application Data\je3h2o15iflr2wx2b63oyd5c6
    C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 2
========

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


========
Step 3
========

In your reply I would like to see:
Extras.txt from your first OTL run,
OTL fix log
OTL quick scan log
MBR log
Let me know what Firewall and AntiVirus you are using.
Homburg
#5
Ilookdamgood

    New Member

  • Topic Starter
  • Member
  • 3 posts
Here is the extras.txt from the first run.

OTL Extras logfile created on: 4/20/2011 8:30:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 28.91 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 11.48 Gb Total Space | 1.37 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\owner\Local Settings\Application Data\eji.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1166508365\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1166508365\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 21
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6C16AACD-F64B-B55D-617B-B60716068DD3}" = eBay Desktop
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (NR2007)
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{862ACB14-04CE-46BC-8652-9EA203178DD7}" = STOPzilla
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D199EBB-749F-478E-B4E4-9D343A1BEB07}" = NeatReceipts Professional 3.0 Core Files
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1F2EF4E-CDAA-9B4C-A934-911D4B0D12KC}_is1" = TuneUp360
"{C4180B60-0239-48DE-89EF-2CE4C3650A71}" = HP User Guides 0036
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE49FF02-E07A-4C28-B451-42F009315F42}" = Goldleaf Scanner Components (RDM ECx000 Series)
"{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DD7C1079-A2CC-48FB-8208-1EE38C8C2FBA}" = BlackBerry v4.2.1 for the 8100 Series Wireless Handheld
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{F5797F1E-0463-437D-950B-40C7DBA148AB}" = NeatReceipts Database Controller
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ARO 2011_is1" = ARO 2011
"Ask Toolbar_is1" = Foxit Toolbar
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ESPNMotion" = ESPNMotion
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeatReceipts Professional" = NeatReceipts Professional v3.0.3
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Smart-Shopper2" = SmartShopper
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Universal Document Converter_is1" = Universal Document Converter
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-WIRE_is1" = X-WIRE version 3.7.34
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2011 2:26:04 PM | Computer Name = HPLAPTOP | Source = MSMQ | ID = 2091
Description = A write operation cannot be performed (Error: 1450t).

Error - 4/7/2011 2:26:04 PM | Computer Name = HPLAPTOP | Source = MSMQ | ID = 2077
Description = The expression 'MQInSeq' cannot be saved for the checkpoint. Message
Queuing cannot operate reliably without the checkpoint.

Error - 4/8/2011 9:14:28 AM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/9/2011 11:13:29 AM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/9/2011 11:34:03 PM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/10/2011 10:21:28 AM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/10/2011 10:29:51 PM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/19/2011 6:33:45 AM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/19/2011 10:37:20 AM | Computer Name = HPLAPTOP | Source = Google Update | ID = 20
Description =

Error - 4/20/2011 1:12:59 AM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.18928, fault address 0x001016ad.

[ System Events ]
Error - 4/20/2011 1:45:58 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 4/20/2011 1:50:54 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/20/2011 2:15:26 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/20/2011 2:15:26 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Message Queuing Triggers service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/20/2011 2:15:26 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Message Queuing service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 2:23:34 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 4/20/2011 2:23:44 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde Pcmcia ViaIde

Error - 4/20/2011 2:28:28 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/20/2011 7:13:32 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 4/20/2011 7:13:32 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca4420d0328236
with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}


< End of report >




Here is the second log:
OTL logfile created on: 4/21/2011 11:25:27 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 29.19 Gb Free Space | 47.07% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 11.48 Gb Total Space | 1.37 Gb Free Space | 11.95% Space Free | Partition Type: FAT32

Computer Name: HPLAPTOP | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 12:21:30 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RAV\RsTray.exe
PRC - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
PRC - [2011/04/19 17:39:06 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/03/23 10:30:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/06/27 18:31:34 | 000,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2006/05/09 15:09:32 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 07:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 01:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 10:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/04/09 13:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/05/17 17:48:40 | 000,000,000 | ---D | M]

[2009/04/24 10:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2011/04/21 23:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dws4edpc.default\extensions
[2011/04/20 07:18:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\dws4edpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 22:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:13:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/12/06 20:10:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/03 08:04:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/11 11:10:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/03/16 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [RavTRAY] C:\Program Files\Rising\RAV\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: SmartShopper - Compare travel rates - {99819CC8-3111-410c-A2B7-38BB530386EE} - Reg Error: Key error. File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} https://portal.globa.../plugins/VA.cab (M6 - VA Launcher)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} https://portal.globa...ns/VMPlayer.cab (M6 - VM Player Launcher)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\WINDOWS\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 23:01:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/20 11:45:55 | 000,000,000 | R--D | C] -- C:\RavBin
[2011/04/20 11:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rising Antivirus
[2011/04/20 11:45:52 | 000,023,576 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookTdi.sys
[2011/04/20 11:45:48 | 000,234,648 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\ravext.dll
[2011/04/20 11:45:48 | 000,031,896 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\hvm.sys
[2011/04/20 11:45:47 | 000,239,768 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\bsmain.exe
[2011/04/20 11:45:43 | 000,168,600 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\Hooksys.sys
[2011/04/20 11:45:43 | 000,038,424 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookHelp.sys
[2011/04/20 11:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2011/04/20 11:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2011/04/20 02:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/04/20 02:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/04/20 02:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/20 02:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2011/04/20 02:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/04/20 02:10:54 | 000,380,224 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\TuneUp360.ocx
[2011/04/20 02:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp360
[2011/04/20 02:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp360
[2011/04/20 01:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Sun
[2011/04/20 01:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\Downloads
[2011/04/19 17:38:56 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2006/09/29 06:07:44 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/21 23:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job
[2011/04/21 23:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 23:08:16 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/21 23:07:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 23:04:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 23:04:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/21 23:04:08 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 22:31:48 | 000,015,666 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2011/04/21 22:30:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/20 13:09:12 | 000,000,178 | RHS- | M] () -- C:\rising.ini
[2011/04/20 13:09:12 | 000,000,050 | ---- | M] () -- C:\WINDOWS\rsbootbk.ini
[2011/04/20 11:45:54 | 000,001,993 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Restore Rising Software.lnk
[2011/04/20 11:45:54 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rising Antivirus.lnk
[2011/04/20 11:45:54 | 000,000,160 | ---- | M] () -- C:\WINDOWS\System32\BsMain.ini
[2011/04/20 11:44:39 | 000,234,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\ravext.dll
[2011/04/20 11:44:38 | 000,031,896 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\hvm.sys
[2011/04/20 11:44:37 | 000,239,768 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\bsmain.exe
[2011/04/20 11:44:32 | 000,168,600 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\Hooksys.sys
[2011/04/20 11:44:32 | 000,038,424 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookHelp.sys
[2011/04/20 11:44:32 | 000,023,576 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookTdi.sys
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/19 17:38:56 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\ARO 2011.job
[2011/04/11 15:47:18 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 20:00:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - owner.job
[2011/04/07 14:27:56 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/28 16:44:28 | 000,549,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 16:44:28 | 000,111,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 20:08:11 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[81 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 23:07:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 23:06:40 | 000,002,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/20 13:09:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\rsbootbk.ini
[2011/04/20 11:45:57 | 000,000,178 | RHS- | C] () -- C:\rising.ini
[2011/04/20 11:45:54 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rising Antivirus.lnk
[2011/04/20 11:45:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\BsMain.ini
[2011/04/20 11:45:53 | 000,001,993 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Restore Rising Software.lnk
[2011/04/20 02:10:58 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\TuneUp360 Reminder.job
[2011/04/20 02:10:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp360.lnk
[2011/04/20 01:08:47 | 000,015,666 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
[2009/06/18 15:46:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/24 10:20:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2009/04/14 13:23:35 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/01/05 18:58:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/02/04 11:29:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VoissUtils.dll
[2008/01/08 01:11:42 | 000,000,341 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/15 19:10:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/14 20:58:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/17 14:06:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/12/19 02:05:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/29 06:07:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\HPWebcam.exe
[2006/08/07 17:37:22 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/07 17:32:59 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/07 17:32:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/07 17:18:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/07 17:06:22 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/20 01:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 01:58:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/20 01:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 01:58:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/20 01:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 01:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 01:58:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/20 01:58:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/20 01:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 06:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,549,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,111,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,425,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 14:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/02 15:24:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx80lc.ini
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/21 16:35:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini

========== LOP Check ==========

[2010/01/25 23:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/08/07 17:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/10/19 01:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/14 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
[2011/04/20 02:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2009/08/27 11:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/20 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2011/04/20 02:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2011/04/21 23:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 02:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2007/04/14 21:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/26 00:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/04/24 10:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\HotSync
[2009/10/29 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Research In Motion
[2011/04/19 15:57:45 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\ARO 2011.job
[2011/04/20 02:10:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\TuneUp360 Reminder.job
[2011/04/21 23:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E934539-2FB1-4007-B1FF-36365945E203}.job

========== Purity Check ==========



< End of report >



I could not download the MBR program; my computer won't let me do it.

I downloaded the trial version of AVG to my computer. I also downloaded sising sun.

#6
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Please run all the fixes and tools logged on as Administrator; sometimes it will prevent them from running correctly if you are logged on without administrator rights.

Please don't install AVG because you should only have one AntiVirus installed.

Also you never posted the OTL fix log, please remember this time as I need to check that the malware has been successfully removed :D

========
Step 1
========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/04/21 22:31:48 | 000,015,666 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\je3h2o15iflr2wx2b63oyd5c6
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. It will produce a fix log, please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 2
========

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

========
Step 3
========


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

========
Step 4
========

Please remember to post the following:
The OTL fix log.
New OTL scan log.
aswMBR check log.
MBAM scan log.
Please let me know what problems you are having with your pc.

Homburg

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.