HTML/Rce.Gen HTML script virus detected by Avira



#1
dm27

    Member

  • 272 posts
Greetings Geeks to Go,

This morning Avira detected this virus, HTML/Rce.Gen HTML script virus. I allowed Avira to place it in quarantine and had to go to work for the day.

Later this evening, I ran a full scan with Avira and it detected the same virus 12 more times in my System Volume folder, which I found strange. Anyway, I placed all those files in quarantine and then deleted them. In addition, I turned off System Restore to clear it and then restarted System Restore.

As I was researching the HTML/Rce.Gen virus, Avira detected this virus, HTML/Infected.WebPage.Gen HTML script virus, which I had it quarantine.

My machine has no apparent symptoms aside from these recent Avira detections/blocking actions. I can provide the Avira scan log if needed.

Please see the OTL log below and I appreciate any guidance offered.

Best regards,

dm


OTL logfile created on: 04/22/2011 9:27:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,022.00 Mb Total Physical Memory | 510.00 Mb Available Physical Memory | 50.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.79 Gb Total Space | 17.38 Gb Free Space | 28.60% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 0.77 Gb Free Space | 6.07% Space Free | Partition Type: FAT32

Computer Name: DM | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 21:25:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2011/03/17 21:08:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/16 14:44:34 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 19:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/10 22:41:16 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/11/10 22:40:51 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/11/10 22:40:05 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/11/10 22:39:24 | 003,653,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 21:25:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
MOD - [2010/11/10 22:41:41 | 001,106,952 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (a2AntiMalware)
SRV - [2011/03/17 21:08:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/10 22:40:51 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/11/10 22:39:24 | 003,653,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/12/29 14:59:39 | 000,086,016 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 21:08:43 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/22 18:48:32 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/10 22:41:52 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2010/11/10 22:41:51 | 000,029,272 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/11/10 22:41:49 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/11/10 22:41:48 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/10/08 22:10:12 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/16 19:40:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/16 19:40:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/23 02:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/06/19 00:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/01 22:49:00 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/01 19:00:04 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 18:58:28 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/11 01:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/04/20 19:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/02/18 21:14:04 | 000,000,000 | ---D | M]

[2010/11/07 11:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/11/07 11:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\[email protected]
[2011/04/15 15:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions
[2010/09/23 21:16:12 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/03/20 20:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}-trash
[2010/12/22 22:54:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/12/11 18:50:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 00:10:20 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/02 19:06:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/01/02 16:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/13 18:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/11/21 19:29:53 | 000,292,097 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 10067 more lines...
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260918508281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260918490906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 21:22:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent
[2011/04/22 21:20:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/04/22 20:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/22 20:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/16 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3

========== Files - Modified Within 30 Days ==========

[2011/04/22 21:25:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/04/12 23:50:52 | 000,435,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 23:50:52 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 22:33:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/12 22:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 22:31:20 | 000,390,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 22:19:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 23:40:27 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/03/27 11:01:23 | 002,929,042 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\stronglifts-5x5-report (1).pdf

========== Files Created - No Company Name ==========

[2011/03/27 11:01:30 | 002,929,042 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\stronglifts-5x5-report (1).pdf
[2010/11/10 22:41:52 | 000,038,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2010/04/29 19:28:36 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-FQE89.exe
[2010/04/29 19:22:33 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-C6FJA.exe
[2010/03/29 17:35:36 | 000,699,904 | ---- | C] () -- C:\WINDOWS\is-IE32R.exe
[2010/01/18 11:42:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/30 18:44:38 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-0ES7N.exe
[2009/12/26 20:37:08 | 000,202,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/12/04 07:45:11 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-7AQ8J.exe
[2009/11/12 19:17:55 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-KI40E.exe
[2009/11/03 18:39:30 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-1T32B.exe
[2009/05/25 17:24:31 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-GCS44.exe
[2009/04/20 19:38:36 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-5Q4U3.exe
[2009/03/19 22:19:05 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-V642E.exe
[2009/03/18 22:15:35 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/08 10:58:39 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-OA6M4.exe
[2008/10/09 18:27:24 | 000,051,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/01/17 00:14:03 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/17 00:14:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2070N.DAT
[2008/01/17 00:10:20 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/17 00:10:20 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008/01/17 00:10:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/17 00:10:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/01/17 00:10:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008/01/17 00:10:10 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008/01/17 00:10:09 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2008/01/11 15:50:58 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/09/08 22:54:24 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/09/06 19:29:30 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/27 23:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/27 23:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/27 23:01:18 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/01/31 15:34:51 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/12/29 13:10:13 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/14 13:48:39 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/14 13:48:39 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/14 13:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/10/25 15:12:29 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/09/14 22:08:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/14 22:08:18 | 000,003,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/26 19:14:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/26 01:41:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/26 01:05:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:44:10 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 09:42:18 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/04/13 09:42:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 09:25:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 09:06:36 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/13 08:59:36 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 13:49:00 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/08/17 13:39:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/17 13:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 13:21:10 | 000,435,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/17 13:21:10 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/17 13:21:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 13:03:56 | 000,390,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/17 12:58:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/17 12:53:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/14 14:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2006/04/13 09:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/12/26 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/01/23 21:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2011/03/26 18:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/31 04:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2009/12/30 21:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Auslogics
[2009/02/06 21:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/04/28 23:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Copernic
[2010/11/07 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Flickr
[2009/02/26 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Foxit
[2006/12/20 21:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\gtopala
[2010/04/15 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Helios
[2006/09/13 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech
[2006/08/26 20:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\muvee Technologies
[2009/12/30 23:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\NVD
[2007/02/05 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OfficeUpdate12
[2006/12/24 18:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OLYMPUS
[2009/12/26 20:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OnlineArmor
[2010/08/04 18:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OpenDNS Updater
[2009/02/08 20:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OpenOffice.org
[2011/01/16 14:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SanDisk
[2010/01/01 12:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SoftGrid Client
[2009/12/30 23:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TP
[2006/09/01 23:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Walgreens
[2009/01/11 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\WinBatch
[2009/01/18 23:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\psisdecd.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\bgsvcgen.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe:SummaryInformation

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
All the HTML/Infected.WebPage.Gen detection is saying is that you hit an infected web site in your searches. There doesn't appear to be any recent malware activity on your system. That said, you do have some strange files from about a year ago that look funny:

[2010/04/29 19:28:36 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-FQE89.exe
[2010/04/29 19:22:33 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-C6FJA.exe
[2010/03/29 17:35:36 | 000,699,904 | ---- | C] () -- C:\WINDOWS\is-IE32R.exe
[2009/12/30 18:44:38 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-0ES7N.exe
[2009/12/04 07:45:11 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-7AQ8J.exe
[2009/11/12 19:17:55 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-KI40E.exe
[2009/11/03 18:39:30 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-1T32B.exe
[2009/05/25 17:24:31 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-GCS44.exe
[2009/04/20 19:38:36 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-5Q4U3.exe
[2009/03/19 22:19:05 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-V642E.exe
[2009/03/18 22:15:35 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat


Go to http://virustotal.com and submit these two files and see what they say about them.

C:\WINDOWS\is-FQE89.exe

C:\WINDOWS\install.dat

Ron

#3
dm27

    Member

  • Topic Starter
  • Member
  • 272 posts
Hello sir,

Thank you for the feedback.

I forgot to mention in my original post that the MBAM and SuperAntispyware scans both came back clean.

In regard to the two files, both came back clean from all 41 scanners at VirusTotal.

Sincerely,

DM

#4
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
I think Avira caught the infection before it got established so it did its job. We can run some more tests if you want.
Let's also try the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

I do see that you have an older version of Java.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 21
but there may be others.

Now delete the folder C:\Program Files\Java

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Open FF

Click on the Firefox box in the top left and select Add-Ons then Extensions. If you see Java Console 6.0.21 (6.0.24 or 25 is OK) Select it then Disable.

Download, Save to your desktop and run Speedy Fox.
http://www.crystalidea.com/speedyfox

(You will need to close Firefox)
Let it Speed up your Firefox. Exit

You should notice a significant reduction in FF start times. Speedyfox should be run anytime there is a change to Firefox such as a new Add-on.

Your FF is still Beta 6. You should upgrade to the latest version.
Ron

#5
dm27

    Member

  • Topic Starter
  • Member
  • 272 posts
Hello,

I have made the following updates per your suggestions. Please see my notes below.

Bitdefender scan
I will need to run this scan tomorrow evening. I hope that is ok and I will post the report once complete.

JAVA
In my Add/Remove programs, it showed I already had Version 6, Update 24. I did go ahead and delete the Java cache and Update 24. Then I updated to Version 6, Update 25.

I did not have a C:\Program Files\Java folder to delete, so I skipped that step.

SpeedyFox
Downloaded and ran the app successfully. Also my version of FF is actually 4.0.1 (which the lines below refer to, so I'm not sure why the folders refer to Beta 6) (any cause for concern?):

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/04/20 19:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/02/18 21:14:04 | 000,000,000 | ---D | M]

Thanks again for your assistance.

Best regards,

DM

#6
dm27

    Member

  • Topic Starter
  • Member
  • 272 posts
Hello RKinner,

Here are the results of the BitDefender quick scan:


QuickScan Beta 32-bit v0.9.9.90
-------------------------------
Scan date: Thu Apr 28 13:55:48 2011
Machine ID: 76733D6F



No infection found.
-------------------



Processes
---------
(unsigned) SansaDispatch 4020 C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

(verified) hpwuSchd Application 3536 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(verified) AntiVir Desktop 3096 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) AntiVir Desktop 1800 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(verified) AntiVir Desktop 2028 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(verified) AntiVir Desktop 1564 C:\Program Files\Avira\AntiVir Desktop\sched.exe
(verified) ATI External Event Utility for WindowsN 1324 C:\WINDOWS\system32\ati2evxx.exe
(verified) ATI External Event Utility for WindowsN 696 C:\WINDOWS\system32\ati2evxx.exe
(verified) Emsisoft Online Armor 1096 C:\Program Files\Tall Emu\Online Armor\oacat.exe
(verified) Emsisoft Online Armor 3824 C:\Program Files\Tall Emu\Online Armor\oahlp.exe
(verified) Emsisoft Online Armor 1128 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
(verified) Emsisoft Online Armor 3460 C:\Program Files\Tall Emu\Online Armor\oaui.exe
(verified) Firefox 2868 C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
(verified) Firefox 3976 C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
(verified) Google Update 3948 C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) hpqwmiex Module 1648 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(verified) LightScribe 1892 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(verified) Malwarebytes' Anti-Malware 3728 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Malwarebytes' Anti-Malware 168 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft® Visual Studio .NET 380 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(verified) Microsoft® Windows® Operating System 3052 C:\WINDOWS\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 2932 C:\WINDOWS\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 1404 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 440 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 316 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1528 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 872 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 472 C:\WINDOWS\system32\winlogon.exe
(verified) OpenDNSUpdater.exe 3816 C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(verified) Secunia Update Agent 896 C:\Program Files\Secunia\PSI\sua.exe
(verified) Synaptics Pointing Device Driver 2964 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Network activity
----------------
Process plugin-container.exe (3976) connected on port 80 (HTTP) --> 74.125.65.102
Process plugin-container.exe (3976) connected on port 80 (HTTP) --> 66.235.142.58
Process plugin-container.exe (3976) connected on port 80 (HTTP) --> 66.220.149.18

Process svchost.exe (816) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
(unsigned) SansaDispatch C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
(unsigned) Recguard Application C:\Windows\SMINST\RecGuard.exe

(verified) hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) ATI External Event Utility for NT, W2K C:\WINDOWS\system32\ati2evxx.dll
(verified) AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
(verified) cpqset.exe C:\Program Files\HPQ\Default Settings\cpqset.exe
(verified) Emsisoft Online Armor c:\program files\tall emu\online armor\oaevent.dll
(verified) Emsisoft Online Armor C:\Program Files\Tall Emu\Online Armor\oaui.exe
(verified) Google Update C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) OpenDNSUpdater.exe C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(verified) SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(verified) Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(unsigned) IE Tab Plug-in C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
(unsigned) Java™ Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\nppdf32.dll
(verified) Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(verified) Chrome IE Tab C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.4.30.4_0\plugin\blackfishietab.dll
(verified) devenum.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\devenum.exe
(verified) devenum.exe C:\WINDOWS\Downloaded Program Files\devenum.exe
(verified) dshortcut Application C:\WINDOWS\Downloaded Program Files\CONFLICT.1\shortcut.exe
(verified) dshortcut Application C:\WINDOWS\Downloaded Program Files\shortcut.exe
(verified) ECOM Server C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
(verified) FFHook.dll C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}-trash\components\FFHook.dll
(verified) getPlusPlus for Adobe 16291 C:\Program Files\NOS\bin\np_gp.dll
(verified) Google Update C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verified) Hewlett-Packard Monitor Service C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hpmonZ.exe
(verified) Hewlett-Packard Monitor Service C:\WINDOWS\Downloaded Program Files\hpmonZ.exe
(verified) Hewlett-Packard Online Support Services C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HPISDataManager.dll
(verified) Hewlett-Packard Online Support Services C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
(verified) IDVectra32 C:\WINDOWS\Downloaded Program Files\idvectra.exe
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
(verified) Java Deployment Toolkit 6.0.250.6 C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U25 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\np-mswmp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
(verified) MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
(verified) Process Scanner C:\WINDOWS\Downloaded Program Files\sabspx.dll
(verified) saSetup64.exe C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\saSetup64.exe
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
(verified) Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\naveng32.dll
(verified) Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\navex32a.dll
(verified) temp.exe C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\temp.exe
(verified) TVicHW32 Generic Device Driver for Wind C:\WINDOWS\Downloaded Program Files\tvichw32.sys
(verified) unzip.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\unzip.exe
(verified) unzip.exe C:\WINDOWS\Downloaded Program Files\unzip.exe
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) wot.dll c:\program files\wot\wot.dll


Missing files
-------------
File not found: 0
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Wisdom-soft ScreenHunter 5.1 Free"

File not found: C:\DOCUME~1\David\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys
--> HKLM\System\ControlSet001\services\pciinfo\"ImagePath"

File not found: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
--> HKLM\System\ControlSet001\services\Avg7Alrt\"ImagePath"

File not found: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
--> HKLM\System\ControlSet001\services\AVGEMS\"ImagePath"

File not found: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
--> HKLM\System\ControlSet001\services\Avg7UpdSvc\"ImagePath"

File not found: C:\Program Files\Comodo\Firewall\cmdagent.exe
--> HKLM\System\ControlSet001\services\CmdAgent\"ImagePath"

File not found: C:\Program Files\SiteAdvisor\5020\SAService.exe
--> HKLM\System\ControlSet001\services\SiteAdvisor Service\"ImagePath"

File not found: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--> HKLM\System\ControlSet001\services\WebrootSpySweeperService\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avg7core.sys
--> HKLM\System\ControlSet001\services\Avg7Core\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avg7rsw.sys
--> HKLM\System\ControlSet001\services\Avg7RsW\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avg7rsxp.sys
--> HKLM\System\ControlSet001\services\Avg7RsXP\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgclean.sys
--> HKLM\System\ControlSet001\services\AvgClean\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgtdi.sys
--> HKLM\System\ControlSet001\services\AvgTdi\"ImagePath"

File not found: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
--> HKLM\System\ControlSet001\services\WSearch\"ImagePath"

File not found: C:\WINDOWS\system32\drivers\EABFiltr.sys
--> HKLM\System\ControlSet001\services\eabfiltr\"ImagePath"

File not found: C:\WINDOWS\system32\drivers\eabusb.sys
--> HKLM\System\ControlSet001\services\eabusb\"ImagePath"

File not found: SYSTEM32\Drivers\SSFS0509.SYS
--> HKLM\System\ControlSet001\services\SSFS0509\"ImagePath"

File not found: SYSTEM32\Drivers\SSHRMD.SYS
--> HKLM\System\ControlSet001\services\SSHRMD\"ImagePath"

File not found: SYSTEM32\Drivers\SSIDRV.SYS
--> HKLM\System\ControlSet001\services\SSIDRV\"ImagePath"

File not found: System32\DRIVERS\cmdmon.sys
--> HKLM\System\ControlSet001\services\CmdMon\"ImagePath"

File not found: System32\DRIVERS\inspect.sys
--> HKLM\System\ControlSet001\services\Inspect\"ImagePath"

File not found: System32\Drivers\sskbfd.sys
--> HKLM\System\ControlSet001\services\SSKBFD\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.04 MB sent, 0.58 KB recvd
Scanned 1063 files and modules - 8 seconds

==============================================================================

#7
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
I see a lot of broken drivers but no malware. Some from Spysweeper and some from AVG:
Download, save and run the AVG removal tool:
http://download.avg....6_2011_1184.exe

Follow the instructions at the bottom of this page:
http://resnet.bridge...phostrouble.htm

That might get rid of some of them.

Download OTL:
http://www.geekstogo...timers-list-it/
Run OTL

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0
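
The triage behind the reply above ("a lot of broken drivers but no malware"), as an added example that is not part of the thread or of any tool mentioned in it: a Python parser for the QuickScan "Missing files" section that groups leftover service keys by the product folder they pointed at and sets aside entries that should be checked by hand before any registry cleanup. The sample lines are copied from the report in post #6; the function names, field names and review wording are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Excerpt of the "Missing files" section of the QuickScan report in post #6.
SAMPLE = r'''
File not found: 0
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Wisdom-soft ScreenHunter 5.1 Free"

File not found: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
--> HKLM\System\ControlSet001\services\Avg7Alrt\"ImagePath"

File not found: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--> HKLM\System\ControlSet001\services\WebrootSpySweeperService\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avg7core.sys
--> HKLM\System\ControlSet001\services\Avg7Core\"ImagePath"

File not found: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
--> HKLM\System\ControlSet001\services\WSearch\"ImagePath"

File not found: System32\DRIVERS\cmdmon.sys
--> HKLM\System\ControlSet001\services\CmdMon\"ImagePath"
'''

# One record is two lines: the missing target, then key\"value name".
PAIR_RE = re.compile(
    r'^File not found: (?P<target>.+)\n--> (?P<key>.+)\\"(?P<value>[^"\n]+)"[ \t]*$',
    re.MULTILINE,
)
SERVICE_RE = re.compile(r'\\services\\([^\\]+)$', re.IGNORECASE)
VENDOR_RE = re.compile(r'^[a-z]:\\(?:program files|progra~1)\\([^\\]+)\\', re.IGNORECASE)
ARGS_RE = re.compile(r'\.(?:exe|sys|dll)\s+\S', re.IGNORECASE)
DRIVE_RE = re.compile(r'^[a-z]:\\', re.IGNORECASE)


@dataclass
class MissingEntry:
    target: str             # what the registry value points at
    key: str                # registry key holding the value
    value: str              # value name, e.g. ImagePath
    service: Optional[str]  # service name when the key is under ...\services\
    vendor: Optional[str]   # first folder under Program Files, if any
    is_driver: bool         # target ends in .sys
    review: Optional[str]   # reason to check by hand, None if clear-cut


def _review_reason(target):
    """Return why an entry needs a manual look, or None for a plain leftover."""
    if "\\" not in target and "." not in target:
        return "value is not a file path"
    if ARGS_RE.search(target):
        return "ImagePath carries arguments; check the executable itself"
    if not DRIVE_RE.match(target):
        return "relative path; resolve against %SystemRoot% and confirm it is absent"
    return None


def parse_missing(report):
    """Parse every 'File not found' / '-->' pair in the report text."""
    entries = []
    for m in PAIR_RE.finditer(report):
        target = m.group("target").strip()
        key = m.group("key")
        svc = SERVICE_RE.search(key)
        vendor = VENDOR_RE.match(target)
        entries.append(MissingEntry(
            target=target,
            key=key,
            value=m.group("value"),
            service=svc.group(1) if svc else None,
            vendor=vendor.group(1) if vendor else None,
            is_driver=target.lower().endswith(".sys"),
            review=_review_reason(target),
        ))
    return entries


def triage(entries):
    """Split entries into leftovers grouped by origin and a manual-review list."""
    leftovers = defaultdict(list)
    review = []
    for e in entries:
        if e.review:
            review.append(e)
        else:
            group = e.vendor or ("drivers" if e.is_driver else "other")
            leftovers[group].append(e.service or e.value)
    return dict(leftovers), review


if __name__ == "__main__":
    leftovers, review = triage(parse_missing(SAMPLE))
    for group, names in sorted(leftovers.items()):
        print(f"leftover [{group}]: {', '.join(names)}")
    for e in review:
        print(f"review   {e.service or e.value}: {e.review} ({e.target})")
```
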

#8
dm27

    Member

  • Topic Starter
  • Member
  • 272 posts
Hello again,

I ran the AVG and Spysweeper uninstallers as requested. Please see the new OTL and Extra logs:


OTL logfile created on: 04/28/2011 3:03:37 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,022.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.79 Gb Total Space | 16.80 Gb Free Space | 27.65% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 0.77 Gb Free Space | 6.06% Space Free | Partition Type: FAT32

Computer Name: DM | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 14:58:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2011/04/27 14:01:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/17 21:08:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/16 14:44:34 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 19:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/10 22:41:16 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/11/10 22:40:51 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/11/10 22:40:05 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/11/10 22:39:24 | 003,653,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 14:58:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
MOD - [2010/11/10 22:41:41 | 001,106,952 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (a2AntiMalware)
SRV - [2011/04/27 14:01:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 21:08:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/10 22:40:51 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/11/10 22:39:24 | 003,653,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2006/12/29 14:59:39 | 000,086,016 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 21:08:43 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/22 18:48:32 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/10 22:41:52 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2010/11/10 22:41:51 | 000,029,272 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/11/10 22:41:49 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/11/10 22:41:48 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/10/08 22:10:12 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/16 19:40:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/16 19:40:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/23 02:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/06/19 00:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/01 22:49:00 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/01 19:00:04 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 18:58:28 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/11 01:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/04/20 19:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/02/18 21:14:04 | 000,000,000 | ---D | M]

[2010/11/07 11:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/11/07 11:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\[email protected]
[2011/04/15 15:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions
[2010/09/23 21:16:12 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/03/20 20:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}-trash
[2010/12/22 22:54:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/12/11 18:50:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 00:10:20 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/02 19:06:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\k5ccywax.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/01/02 16:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/13 18:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/11/21 19:29:53 | 000,292,097 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10067 more lines...
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260918508281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260918490906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 14:58:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/04/28 14:52:16 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\David\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/27 23:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\QuickScan
[2011/04/27 23:25:39 | 000,476,064 | ---- | C] (SpeedyFox) -- C:\Documents and Settings\David\Desktop\speedyfox.exe
[2011/04/27 23:21:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/27 23:21:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/27 23:21:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/27 23:21:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/27 23:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/26 07:24:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent
[2011/04/22 23:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/04/22 23:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/04/22 20:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/22 20:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/16 18:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3

========== Files - Modified Within 30 Days ==========

[2011/04/28 15:06:06 | 000,435,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/28 15:06:06 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 15:02:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 15:00:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 14:58:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/04/28 14:53:39 | 000,741,363 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SSECleanup.zip
[2011/04/28 14:52:12 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\David\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/04/27 23:25:39 | 000,476,064 | ---- | M] (SpeedyFox) -- C:\Documents and Settings\David\Desktop\speedyfox.exe
[2011/04/27 23:21:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/27 23:21:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/27 23:21:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/27 23:21:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/27 23:21:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/26 23:25:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2901453095-4258991911-2665346879-1005Core.job
[2011/04/24 22:20:37 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/04/12 22:31:20 | 000,390,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 22:19:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 23:40:27 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

========== Files Created - No Company Name ==========

[2011/04/28 14:53:41 | 000,741,363 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SSECleanup.zip
[2010/11/10 22:41:52 | 000,038,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2010/04/29 19:28:36 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-FQE89.exe
[2010/04/29 19:22:33 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-C6FJA.exe
[2010/03/29 17:35:36 | 000,699,904 | ---- | C] () -- C:\WINDOWS\is-IE32R.exe
[2010/01/18 11:42:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/30 18:44:38 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-0ES7N.exe
[2009/12/26 20:37:08 | 000,202,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/12/04 07:45:11 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-7AQ8J.exe
[2009/11/12 19:17:55 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-KI40E.exe
[2009/11/03 18:39:30 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-1T32B.exe
[2009/05/25 17:24:31 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-GCS44.exe
[2009/04/20 19:38:36 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-5Q4U3.exe
[2009/03/19 22:19:05 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-V642E.exe
[2009/03/18 22:15:35 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/08 10:58:39 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-OA6M4.exe
[2008/10/09 18:27:24 | 000,051,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/01/17 00:14:03 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/01/17 00:14:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2070N.DAT
[2008/01/17 00:10:20 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/01/17 00:10:20 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008/01/17 00:10:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/01/17 00:10:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/01/17 00:10:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008/01/17 00:10:10 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008/01/17 00:10:09 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2008/01/11 15:50:58 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/09/08 22:54:24 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/09/06 19:29:30 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/07/27 23:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/27 23:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/27 23:01:18 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/01/31 15:34:51 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/12/29 13:10:13 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/14 13:48:39 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/14 13:48:39 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/14 13:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/10/25 15:12:29 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/09/14 22:08:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/14 22:08:18 | 000,003,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/26 19:14:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/26 01:41:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/26 01:05:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:44:10 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 09:42:18 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/04/13 09:42:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 09:25:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 09:06:36 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/13 08:59:36 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/12/02 06:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 13:49:00 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/08/17 13:39:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/17 13:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 13:21:10 | 000,435,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/17 13:21:10 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/17 13:21:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 13:03:56 | 000,390,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/17 12:58:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/17 12:53:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/14 14:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\psisdecd.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\bgsvcgen.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe:SummaryInformation

< End of report >




Extra log

OTL Extras logfile created on: 04/28/2011 3:03:37 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1,022.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.79 Gb Total Space | 16.80 Gb Free Space | 27.65% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 0.77 Gb Free Space | 6.06% Space Free | Partition Type: FAT32

Computer Name: DM | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01ED0835-5D97-BF31-6AF2-7553A87014F9}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C6A773-20AB-49C8-AF2F-FE6C83C083EB}" = Brother HL-2070N
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31180401-FE98-6EF7-9DB0-CB6509E5D44D}" = ccc-core-preinstall
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E8D32E-CD66-6D3B-5BDF-588B2AFB4656}" = CCC Help English
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{57ED31E0-BCF4-67D3-DF6B-4239FDA77C11}" = Catalyst Control Center Graphics Full New
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6759A77E-9163-F3BE-5602-D4DFD5CC8DD2}" = Skins
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7EB94EB2-9A5E-4FCC-B940-9E11AB8AF933}" = Album Art Fixer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8830F934-C6FE-C47E-5840-E6FFBD68DCE2}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{97915182-C85B-AF14-8B21-D900E0958A4E}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A87F497-A986-F862-E830-FCBBE3BDCA03}" = Catalyst Control Center Graphics Previews Common
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9A84D37-5FAE-8317-1E6C-BAE79F15B88B}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DC0D1DD4-C894-341F-538E-5DD09F039D63}" = Catalyst Control Center Graphics Light
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blueline_is1" = Blueline version 1.1.1
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 4.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Requirements Lab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/16/2011 12:15:04 AM | Computer Name = DM | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 04/17/2011 1:00:31 AM | Computer Name = DM | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 04/17/2011 1:00:32 AM | Computer Name = DM | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 04/22/2011 6:53:49 AM | Computer Name = DM | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 8252 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 04/22/2011 6:53:49 AM | Computer Name = DM | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 04/22/2011 6:53:24 PM | Computer Name = DM | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 8252 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 04/22/2011 7:33:47 PM | Computer Name = DM | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 8252 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 04/22/2011 8:12:18 PM | Computer Name = DM | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 8252 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 04/23/2011 8:28:36 AM | Computer Name = DM | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 8252 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 04/28/2011 3:01:23 PM | Computer Name = DM | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x8007271D.

[ System Events ]
Error - 04/28/2011 3:07:44 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:45 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:45 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:57 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:57 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:59 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:59 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:59 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:59 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 04/28/2011 3:07:59 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#9
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
Error - 04/28/2011 3:07:44 PM | Computer Name = DM | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Right click on My Computer and select Manage then Services and Applications then Services. In the right pane find Telephony and right click and select Properties then change the Startup Type: to Automatic then Apply. Try to Start the service. Do you get an error?

If not, find Remote Access Connection Manager service and try to start it. Does it start?

Ron

#10
dm27

    Member

  • Topic Starter
  • Member
  • 272 posts
Hello Ron,


Right click on My Computer and select Manage then Services and Applications then Services. In the right pane find Telephony and right click and select Properties then change the Startup Type: to Automatic then Apply. Try to Start the service. Do you get an error?

I was able to start this service with no errors...

If not, find Remote Access Connection Manager service and try to start it. Does it start?

Yes, this service started with no errors after starting the Telephony service.

Again, thank you for taking time to review these logs.

Sincerely,

DM

#11
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
From your other errors, you need to reinstall MS DTC.

http://support.micro...kb/891801/en-us

Let's clear the logs and reboot and see what errors you still get:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log or Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron