firefox gives 'open with' dialog box --cannot open exe files e



#1 fullspeed2 (Member, 19 posts)
I got some sort of bug from a website for complainers. I wasn't there to complain, it just came up when I googled my bank so I took a look--big mistake. AVG Free pops up and says that 2 files were at risk and offered to quarantine, so I said OK. Now when I try to open Firefox, I get an 'Open With' box where I can choose Firefox and it opens OK. Then I get another box asking if I want to download firefox.exe, so I did. When I tried to open firefox.exe the first time, I got an error something like "rundll.exe not found", but it doesn't do that any longer. Now when I open firefox.exe I get another 'Open With' box. I tried to use OTL.exe but it would not open either, so I used one of the alternates. Here is the log. It created 2, the later named Extra---

OTL logfile created on: 5/14/2011 01:58:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.84 Gb Free Space | 25.30% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
PRC - [2011/05/06 14:02:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll
MOD - [1997/12/05 16:31:12 | 000,158,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Script Control\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZipToA)
SRV - File not found [Disabled | Stopped] -- -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/19 11:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/30 18:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/18 18:12:23 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/01/30 18:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 18:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 18:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/04/14 18:10:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:59:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 14:02:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 14:02:43 | 000,000,000 | ---D | M]

[2009/08/22 20:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2011/05/06 14:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions
[2010/04/27 12:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/06 14:03:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/03 19:04:12 | 000,000,000 | ---D | M] ("Gobox Toolbar") -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\[email protected]
[2011/05/06 13:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/20 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2011/05/11 09:59:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/07/20 23:51:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/06 14:02:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/20 23:51:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/05/06 14:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/12/06 20:51:29 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {86227D9C-0EFE-4F8A-AA55-30386A3F5686} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avsuite] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk = C:\WINDOWS\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk = C:\Program Files\GoBox Toolbar\gobox_desktop.exe (AddOn Exchange, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: amphire.net ([commerce] http in Trusted sites)
O15 - HKCU\..Trusted Domains: csplans.com ([teamsterups] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://www104.coolsa...oad/cscmv5X.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.3.4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{196e3eee-8cff-11dd-bcca-001c10e6631e}\Shell\AutoRun\command - "" = L:\PMB_Portable.exe
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell - "" = AutoRun
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell - "" = AutoRun
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 13:50:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
[2011/05/14 13:50:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/05/12 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/12 15:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Audacity
[2011/05/12 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/05/12 15:26:55 | 014,521,008 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Todd\Desktop\audacity-win-unicode-1.3.13.exe
[2011/05/12 15:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Audio Recorder Professional
[2011/05/12 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Audio Recorder Professional
[2011/05/12 15:17:44 | 005,127,876 | ---- | C] (Loadtrend, Inc. ) -- C:\Documents and Settings\Todd\Desktop\WindowsAudioRecorder.exe
[2011/05/06 14:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/05 17:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\email pics
[2011/05/04 21:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/04 21:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/04 21:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/04 21:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Start Menu\Programs\GoBox
[2011/05/03 18:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\GoBox Toolbar
[2010/01/20 23:12:29 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[2010/01/20 23:12:28 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCR80.dll
[69 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,065,348 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.wpd
[2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
[2011/05/14 13:50:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/05/14 13:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 08:27:12 | 114,957,371 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/13 21:31:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/13 21:30:04 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
[2011/05/13 21:29:37 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 21:29:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/13 21:29:12 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 15:22:08 | 000,001,642 | -HS- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 15:22:08 | 000,001,642 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/12 16:51:40 | 007,340,198 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan 3.mp3
[2011/05/12 16:28:51 | 009,444,622 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Jim Poston conversation 5 11 2011.mp3
[2011/05/12 16:17:11 | 003,346,180 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo 2nd call 5 12 2011.mp3
[2011/05/12 15:52:53 | 003,581,909 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 2.mp3
[2011/05/12 15:47:17 | 004,785,631 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 1.mp3
[2011/05/12 15:39:34 | 002,401,592 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo call 5 12 2011.mp3
[2011/05/12 15:27:51 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:27:11 | 014,521,008 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Todd\Desktop\audacity-win-unicode-1.3.13.exe
[2011/05/12 15:20:31 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Windows Audio Recorder Professional.lnk
[2011/05/12 15:18:16 | 005,127,876 | ---- | M] (Loadtrend, Inc. ) -- C:\Documents and Settings\Todd\Desktop\WindowsAudioRecorder.exe
[2011/05/12 15:07:51 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 222.wav
[2011/05/12 15:07:06 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 22.wav
[2011/05/12 15:04:31 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 1.wav
[2011/05/12 14:58:52 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 2.wav
[2011/05/12 14:52:10 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 2.wav
[2011/05/12 14:49:24 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 1.wav
[2011/05/11 21:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/11 09:59:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/07 15:58:58 | 000,002,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2010 Deluxe.lnk
[2011/05/06 14:43:36 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/06 14:21:04 | 000,035,315 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\TXDPSLicenseeTODDS DRIVING RECORD.pdf
[2011/05/06 14:02:46 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Mozilla Firefox.lnk
[2011/05/05 17:16:15 | 000,575,653 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\14 boat 1.JPG
[2011/05/04 21:46:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/04 21:37:46 | 000,001,173 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/05/04 21:37:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/04 21:37:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/03 18:54:21 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk
[2011/04/25 15:43:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/22 17:56:13 | 000,205,223 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/04/15 03:29:06 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:12:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 03:09:31 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/15 03:09:31 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[69 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 15:22:06 | 000,001,642 | -HS- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 15:22:06 | 000,001,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/12 16:51:18 | 007,340,198 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan 3.mp3
[2011/05/12 16:28:22 | 009,444,622 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Jim Poston conversation 5 11 2011.mp3
[2011/05/12 16:17:00 | 003,346,180 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo 2nd call 5 12 2011.mp3
[2011/05/12 15:52:42 | 003,581,909 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 2.mp3
[2011/05/12 15:47:02 | 004,785,631 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 1.mp3
[2011/05/12 15:39:26 | 002,401,592 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo call 5 12 2011.mp3
[2011/05/12 15:27:51 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:27:51 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:20:31 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Windows Audio Recorder Professional.lnk
[2011/05/12 15:07:51 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 222.wav
[2011/05/12 15:07:06 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 22.wav
[2011/05/12 15:04:31 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 1.wav
[2011/05/12 14:58:52 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 2.wav
[2011/05/12 14:52:10 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 2.wav
[2011/05/12 14:49:24 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 1.wav
[2011/05/06 14:43:36 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/06 14:42:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 14:42:12 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 14:21:04 | 000,035,315 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\TXDPSLicenseeTODDS DRIVING RECORD.pdf
[2011/05/06 14:02:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Mozilla Firefox.lnk
[2011/05/04 21:46:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/03 18:54:21 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk
[2010/08/03 03:15:51 | 000,188,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 14:11:16 | 000,068,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/14 10:10:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/04/14 10:10:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/04/14 10:10:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/04/13 13:33:39 | 000,107,058 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/04/13 13:33:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2009/04/21 19:04:31 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2009/04/21 19:04:31 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/13 09:37:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/09/13 09:37:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/23 20:48:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\$_hpcst$.hpc
[2007/12/04 22:18:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/11/03 22:09:55 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/05 21:35:00 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\MumboJumbo.ini
[2007/10/05 21:35:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Todd\Application Data\ud_soundmanager.ini
[2007/06/20 15:46:41 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2007/05/13 22:40:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/26 22:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/12/02 16:33:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Todd.ini
[2006/05/01 15:01:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/25 22:24:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\hw.ini
[2005/08/28 19:49:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2005/08/28 19:49:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/08/28 19:47:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2005/07/20 18:52:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 19:47:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\bbuninst.exe
[2005/02/22 23:29:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/10 21:20:13 | 000,001,096 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2004/10/21 10:34:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:15:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/18 16:52:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/07/18 16:46:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/07/18 16:45:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/06/13 11:32:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2004/04/17 10:47:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JPR.{PB
[2004/04/17 10:47:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JCM.{PB
[2004/04/14 20:11:24 | 000,001,922 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/09 12:48:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/09 12:42:26 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/09 12:38:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/09 12:36:54 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/03/09 12:36:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/03/09 12:36:42 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/03/09 12:36:42 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/03/09 12:36:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/03/09 12:36:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/03/09 12:36:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/03/09 12:36:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/03/09 12:35:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/03/09 12:32:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/09 12:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/09 12:14:52 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/09 12:14:52 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/09 12:01:22 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/30 18:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 18:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2002/09/03 10:05:08 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/12 13:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/12 13:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/12 13:36:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/01/26 17:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/01/26 17:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/04/14 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2004/05/21 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0133
[2008/02/03 00:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/03/11 21:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/15 00:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 08:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 17:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/12 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Audacity
[2011/01/12 13:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\AVG10
[2004/08/09 13:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\EPSON
[2008/02/13 08:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\ErrorSmart
[2004/04/14 20:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Leadertech
[2006/11/12 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Snapfish
[2011/01/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\uTorrent
[2009/12/13 14:02:37 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
[2009/12/13 20:09:29 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ovieuiol.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.doc:SummaryInformation

< End of report >


2nd one---

OTL Extras logfile created on: 5/14/2011 01:58:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.84 Gb Free Space | 25.30% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

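Editor's note on the sections above (added to this thread; not part of the poster's log and not OTL's code). The entry that lines up with the symptom in the first post is under HKEY_CURRENT_USER\SOFTWARE\Classes: the .exe type there is mapped to "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*, so every .exe this user starts is first handed to pcr.exe, a program the log does not otherwise identify. HKEY_LOCAL_MACHINE still carries the stock exefile [open] -- "%1" %*, but for the logged-in account a per-user Classes key takes precedence over the machine-wide one, and a handler whose target is missing or unusable (for example after an AV quarantine) is consistent with Windows falling back to the "Open With" prompt for every executable, including the OTL.exe that would not start. Separately, the Security Center notification and override values, System Restore ("DisableSR" = 1 in both keys, Sr service start type 4) and both firewall profiles ("EnableFirewall" = 0) are all switched off. The Python script below is an added example that reads these OTL Extras sections and flags both conditions; its SAMPLE text is constructed from the log lines visible on this page, and the EXPECTED table is an assumption about a healthy XP SP3 home machine with no deliberate administrative policy.

```python
import re

# --- constructed sample: lines copied from the OTL Extras log on this page ---
SAMPLE = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"""

# Classes whose "open" command Windows XP ships as just the file itself.
EXEC_CLASSES = {"exefile", "batfile", "cmdfile", "comfile", "piffile"}
DEFAULT_EXEC_CMD = '"%1" %*'

# Values OTL prints in its Security Center / System Restore / Firewall sections,
# with what a healthy XP SP3 home machine shows.  Assumption: no admin policy
# deliberately turned these off.
EXPECTED = {
    "AntiVirusDisableNotify": "0",
    "FirewallDisableNotify": "0",
    "UpdatesDisableNotify": "0",
    "AntiVirusOverride": "0",
    "FirewallOverride": "0",
    "DisableSR": "0",
    "EnableFirewall": "1",
}

KEY_RE = re.compile(r"^\[(HKEY_.*)\]$")
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = (\w+)\] -- (.*)$")
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.+)$')


def wrapped_binary(cmd):
    """Program a handler command really launches, or None for the plain default."""
    if cmd.strip() == DEFAULT_EXEC_CMD:
        return None
    m = re.match(r'^"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(text):
    """Walk OTL Extras output and return a list of finding dicts."""
    findings, key = [], ""
    for line in (ln.strip() for ln in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # the hive/key the following values belong to
            continue
        m = ASSOC_RE.match(line)
        if m:
            ext, cls, cmd = m.groups()
            # A per-user entry under HKCU\Software\Classes takes precedence over
            # HKLM for that user, and Windows creates none for executables by
            # default, so any HKCU entry for an executable class is a finding.
            if cls in EXEC_CLASSES and (key.startswith("HKEY_CURRENT_USER")
                                        or cmd.strip() != DEFAULT_EXEC_CMD):
                findings.append({"kind": "handler-hijack", "key": key, "name": ext,
                                 "detail": cmd, "binary": wrapped_binary(cmd)})
            continue
        m = SPAWN_RE.match(line)
        if m:
            cls, verb, cmd = m.groups()
            if cls in EXEC_CLASSES and verb == "open" and cmd.strip() != DEFAULT_EXEC_CMD:
                findings.append({"kind": "handler-hijack", "key": key, "name": cls,
                                 "detail": cmd, "binary": wrapped_binary(cmd)})
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if name in EXPECTED and value != EXPECTED[name]:
                findings.append({"kind": "defense-off", "key": key, "name": name,
                                 "detail": f"{name} = {value}, expected {EXPECTED[name]}",
                                 "binary": None})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['kind']}] {f['name']:<24} {f['detail']}")
        if f["binary"]:
            print(f"    launches: {f['binary']}")
```

To use it on a real log, pass the whole OTL Extras file's text to triage() instead of SAMPLE. On the affected machine the order of remediation matters: deal with the file the handler points to first, then remove the per-user .exe entry (and any exefile key beside it) under HKEY_CURRENT_USER\Software\Classes, after which the HKEY_LOCAL_MACHINE default applies again; the Security Center, System Restore and firewall values should be turned back on only once the machine is clean, since they are the settings that were switched off.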
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application -- (Jasc Software)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\MumboJumbo\Luxor\luxor.exe" = C:\Program Files\MumboJumbo\Luxor\luxor.exe:*:Disabled:Luxor
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)
"C:\Program Files\Adobe Media Player\Adobe Media Player.exe" = C:\Program Files\Adobe Media Player\Adobe Media Player.exe:*:Enabled:Adobe Media Player -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}" = MSN Messenger 6.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D111D725-97AB-4654-B866-21700C703E86}" = HHD Software Hex Editor
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DD0B4C27-B1D9-40BE-AC96-68228FAC2149}" = HyperLoad - Candystand Billiards
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AV Security Suite Platinum" = AV Security Suite Platinum
"AVG" = AVG 2011
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Extreme HU 1.6" = Extreme HU 1.6
"gobox" = GoBox Toolbar
"Hex Workshop v4.20" = Hex Workshop v4.23
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"KeyRipper" = KeyRipper 3.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 3300 Series" = Lexmark 3300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Loader_is1" = Loader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nagra Master - ROM 102 Utility" = Nagra Master - ROM 102 Utility 1.3 (BETA)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PVRLoader_is1" = PVRLoader
"RealPlayer 6.0" = RealOne Player
"Sewer Run_is1" = Sewer Run
"Shockwave" = Shockwave
"ST6UNST #1" = FOXPRO Programmer
"Tier Creator for Dummies II" = Tier Creator for Dummies II
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VSHD Loader_is1" = VSHD Loader 1.0
"Windows Audio Recorder Professional_is1" = Windows Audio Recorder Professional 5.00
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 09:36:29 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description = 6001: LiveUpdate failed because the LiveUpdate package is corrupt.
Internal authentication files are not present. Please run LiveUpdate again. If
the error persists, contact your network administrator or LiveUpdate provider.

Error - 5/13/2011 09:36:29 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description = 6006: LiveUpdate did not complete because the C:\Documents and Settings\All
Users\Application Data\Symantec\LiveUpdate\Downloads\Tri343\liveupdt.grd file failed
validation. Run LiveUpdate again.

Error - 5/13/2011 09:36:29 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description = 6001: LiveUpdate failed because the LiveUpdate package is corrupt.
Internal authentication files are not present. Please run LiveUpdate again. If
the error persists, contact your network administrator or LiveUpdate provider.

Error - 5/13/2011 09:36:40 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description = 6006: LiveUpdate did not complete because the C:\Documents and Settings\All
Users\Application Data\Symantec\LiveUpdate\Downloads\Tri379\liveupdt.grd file failed
validation. Run LiveUpdate again.

Error - 5/13/2011 09:36:40 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description = 6001: LiveUpdate failed because the LiveUpdate package is corrupt.
Internal authentication files are not present. Please run LiveUpdate again. If
the error persists, contact your network administrator or LiveUpdate provider.

Error - 5/13/2011 09:36:41 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description = 6006: LiveUpdate did not complete because the C:\Documents and Settings\All
Users\Application Data\Symantec\LiveUpdate\Downloads\Tri381\liveupdt.grd file failed
validation. Run LiveUpdate again.

Error - 5/13/2011 09:36:41 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description = 6001: LiveUpdate failed because the LiveUpdate package is corrupt.
Internal authentication files are not present. Please run LiveUpdate again. If
the error persists, contact your network administrator or LiveUpdate provider.

Error - 5/13/2011 10:23:37 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2011 10:26:00 PM | Computer Name = BEDROOM | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/13/2011 10:26:01 PM | Computer Name = BEDROOM | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 5/13/2011 10:24:55 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/13/2011 10:24:55 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7031
Description = The Universal Plug and Play Device Host service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 5/13/2011 10:24:58 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 5/13/2011 10:29:17 PM | Computer Name = BEDROOM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 000CF1B69362 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/13/2011 10:29:47 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7000
Description = The Kodak Camera Connection Software service failed to start due to
the following error: %%3

Error - 5/13/2011 10:30:27 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/13/2011 10:30:27 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/13/2011 10:30:28 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/13/2011 10:30:32 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/13/2011 10:30:37 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The WMDM PMSP Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:Services
ZipToA
Symantec Core LC
KodakCCS
HidServ
AppMgmt
LiveUpdate
Automatic LiveUpdate Scheduler
symlcbrd

:OTL
SRV - File not found [Auto | Stopped] -- -- (ZipToA)
SRV - File not found [Disabled | Stopped] -- -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2006/01/19 11:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
DRV - [2006/07/18 18:12:23 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4
[2011/05/06 14:03:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/03 19:04:12 | 000,000,000 | ---D | M] ("Gobox Toolbar") -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\[email protected]
[2010/07/20 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2010/07/20 23:51:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/06 14:02:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/20 23:51:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/05/06 14:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/12/06 20:51:29 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {86227D9C-0EFE-4F8A-AA55-30386A3F5686} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKCU..\Run: [avsuite] File not found
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk = C:\Program Files\GoBox Toolbar\gobox_desktop.exe (AddOn Exchange, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://www104.coolsa...oad/cscmv5X.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.3.4.cab (Reg Error: Key error.)
O33 - MountPoints2\{196e3eee-8cff-11dd-bcca-001c10e6631e}\Shell\AutoRun\command - "" = L:\PMB_Portable.exe
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell - "" = AutoRun
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell - "" = AutoRun
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %*
[2011/05/13 15:22:08 | 000,001,642 | -HS- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 15:22:08 | 000,001,642 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0

:Files
C:\Program Files\Symantec
C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download, save and run the AVG removal tool:
http://download.avg....6_2011_1184.exe
Download and save the free Avast!:
http://www.avast.com...ivirus-download

Uninstall AVG.

Run the AVG removal tool



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop; do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Install Avast.
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. Click OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Ron
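The fix above undoes three things visible in the OTL log: the per-user exefile handler pointed at pcr.exe (the cause of the 'Open with' dialog), the IE proxy on 127.0.0.1:1047, and the orphaned avsuite Run entry. As an added example that is not part of RKinner's post or of OTL itself, here is a small Python checker that flags those same indicators in OTL-style lines; the sample lines are constructed from this thread and all function and field names are my own.

```python
"""Flag the hijack indicators seen in this thread's OTL log (added example, not OTL code).

Checks applied to each OTL-style line:
  * O35/O37 entries whose exefile handler is not the default "%1" %*
    (the pcr.exe hijack behind the 'Open with' dialog), plus any per-user
    (HKCU) exefile definition, since HKCU\\Software\\Classes shadows HKLM;
  * an IE ProxyServer aimed at loopback (browser traffic routed through a
    local process; legitimate for some filters, so it is marked for review);
  * O4 Run entries whose target is 'File not found' (orphaned autoruns).
"""
import re
from typing import Dict, List, Optional

# Constructed sample lines modelled on the ones posted in this thread.
SAMPLE_OTL_LINES = [
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:1047',
    'O4 - HKCU..\\Run: [avsuite] File not found',
    'O35 - HKCU\\..exefile [open] -- "C:\\Documents and Settings\\Todd\\Local Settings\\Application Data\\pcr.exe" -a "%1" %*',
    'O37 - HKCU\\...exe [@ = exefile] -- "C:\\Documents and Settings\\Todd\\Local Settings\\Application Data\\pcr.exe" -a "%1" %*',
    'O35 - HKLM\\..exefile [open] -- "%1" %*',   # the default handler the fix restores
]

DEFAULT_EXEFILE_COMMAND = '"%1" %*'
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

_EXEFILE_RE = re.compile(r'^O3[57] - (HK\w+)\\(\S+) \[([^\]]*)\] -- (.*)$')
_PROXY_RE = re.compile(r'"ProxyServer" = (.+)$')
_RUN_RE = re.compile(r'^O4 - (HK\w+)[.\\]*Run: \[([^\]]+)\] (.*)$')

Finding = Dict[str, str]


def check_exefile(line: str) -> Optional[Finding]:
    """O35/O37: anything other than "%1" %* means every .exe launch is proxied."""
    m = _EXEFILE_RE.match(line)
    if not m:
        return None
    hive, key, verb, command = m.groups()
    key, command = key.lstrip("."), command.strip()
    if command != DEFAULT_EXEFILE_COMMAND:
        return {"severity": "high", "kind": "exefile-hijack",
                "detail": f"{hive} {key} [{verb}] runs {command}"}
    if hive == "HKCU":
        # Default command, but defined per-user: still worth removing, it shadows HKLM.
        return {"severity": "medium", "kind": "exefile-user-override",
                "detail": f"{hive} defines {key} [{verb}] and shadows the HKLM default"}
    return None


def check_proxy(line: str) -> Optional[Finding]:
    """ProxyServer may be 'host:port' or 'scheme=host:port;scheme=host:port'."""
    m = _PROXY_RE.search(line)
    if not m:
        return None
    for entry in m.group(1).split(";"):
        hostport = entry.split("=")[-1].strip()
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        if host in LOOPBACK_HOSTS or host.startswith("127."):
            return {"severity": "review", "kind": "loopback-proxy",
                    "detail": f"ProxyServer routes browser traffic through {hostport}"}
    return None


def check_run(line: str) -> Optional[Finding]:
    """O4: a Run value whose file is gone is leftover persistence; clean it up."""
    m = _RUN_RE.match(line)
    if not m:
        return None
    hive, name, target = m.groups()
    if target.strip() == "File not found":
        return {"severity": "medium", "kind": "orphaned-run-entry",
                "detail": f"{hive} Run value [{name}] points at a missing file"}
    return None


def scan_otl(lines: List[str]) -> List[Finding]:
    """Run every check over every line; at most one finding per line."""
    findings: List[Finding] = []
    for line in lines:
        for check in (check_exefile, check_proxy, check_run):
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_OTL_LINES):
        print(f"[{f['severity']}] {f['kind']}: {f['detail']}")
```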

#3
fullspeed2

fullspeed2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
All processes killed
========== SERVICES/DRIVERS ==========
Service ZipToA stopped successfully!
Service ZipToA deleted successfully!
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
Service KodakCCS stopped successfully!
Service KodakCCS deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
========== OTL ==========
Error: No service named ZipToA was found to stop!
Service\Driver key ZipToA not found.
Error: No service named Symantec Core LC was found to stop!
Service\Driver key Symantec Core LC not found.
Error: No service named KodakCCS was found to stop!
Service\Driver key KodakCCS not found.
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE moved successfully.
Error: No service named Automatic LiveUpdate Scheduler was found to stop!
Service\Driver key Automatic LiveUpdate Scheduler not found.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe moved successfully.
Error: No service named symlcbrd was found to stop!
Service\Driver key symlcbrd not found.
C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319 removed from extensions.enabledItems
Prefs.js: [email protected]:0.3.4 removed from extensions.enabledItems
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\components\browsercomps.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avsuite deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Starting removal of ActiveX control {549F957E-2F89-11D6-8CFE-00C04F52B225}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{549F957E-2F89-11D6-8CFE-00C04F52B225}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{196e3eee-8cff-11dd-bcca-001c10e6631e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{196e3eee-8cff-11dd-bcca-001c10e6631e}\ not found.
File L:\PMB_Portable.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5080f487-f560-11dc-bc98-001c10e6631e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5080f487-f560-11dc-bc98-001c10e6631e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5080f487-f560-11dc-bc98-001c10e6631e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5080f487-f560-11dc-bc98-001c10e6631e}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4975cd6-6273-11dc-bc7a-000cf1b69362}\ not found.
File F:\LaunchU3.exe -a not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "%1" %* not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Todd\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 moved successfully.
C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 moved successfully.
========== FILES ==========
C:\Program Files\Symantec\LiveUpdate folder moved successfully.
C:\Program Files\Symantec folder moved successfully.
File\Folder C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Brooke
->Temp folder emptied: 11497588 bytes
->Temporary Internet Files folder emptied: 7608452 bytes
->Flash cache emptied: 348 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: Drew
->Temp folder emptied: 14754595 bytes
->Temporary Internet Files folder emptied: 32936306 bytes
->Flash cache emptied: 676 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2936317 bytes

User: NetworkService
->Temp folder emptied: 270212 bytes
->Temporary Internet Files folder emptied: 33968045 bytes

User: Other
->Temp folder emptied: 14318436 bytes
->Temporary Internet Files folder emptied: 22208178 bytes
->Flash cache emptied: 300 bytes

User: Owner

User: Todd
->Temp folder emptied: 991198644 bytes
->Temporary Internet Files folder emptied: 270202453 bytes
->Java cache emptied: 2949235 bytes
->FireFox cache emptied: 125746692 bytes
->Apple Safari cache emptied: 32724992 bytes
->Flash cache emptied: 584343 bytes

User: Tyler
->Temp folder emptied: 137752 bytes
->Temporary Internet Files folder emptied: 126752662 bytes
->Flash cache emptied: 2050 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58666 bytes
%systemroot%\System32 .tmp files removed: 82628417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111311464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 52082224 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59084 bytes
RecycleBin emptied: 1874179454 bytes

Total Files Cleaned = 3,635.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_152712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 5/16/2011 03:44:58 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.31 Gb Free Space | 29.96% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
PRC - [2011/05/06 14:02:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/03 18:54:20 | 000,446,464 | ---- | M] (AddOn Exchange, Inc.) -- C:\Program Files\GoBox Toolbar\gobox_desktop.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/09 12:37:15 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [1997/12/05 16:31:12 | 000,158,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Script Control\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/30 18:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/01/30 18:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 18:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 18:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/04/14 18:10:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:59:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 14:02:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 15:27:21 | 000,000,000 | ---D | M]

[2009/08/22 20:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2011/05/06 14:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions
[2010/04/27 12:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/06 14:03:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/06 13:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2011/05/11 09:59:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

O1 HOSTS File: ([2011/05/16 15:27:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk = C:\WINDOWS\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk = C:\Program Files\GoBox Toolbar\gobox_desktop.exe (AddOn Exchange, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: amphire.net ([commerce] http in Trusted sites)
O15 - HKCU\..Trusted Domains: csplans.com ([teamsterups] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 15:27:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 13:50:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
[2011/05/14 13:50:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/05/13 16:37:46 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Todd\Desktop\Firefox Setup 4.0.1.exe
[2011/05/13 15:30:01 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Todd\Desktop\Firefox%20Setup%204.0.1[1].exe
[2011/05/12 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/12 15:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Audacity
[2011/05/12 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/05/12 15:26:55 | 014,521,008 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Todd\Desktop\audacity-win-unicode-1.3.13.exe
[2011/05/12 15:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Audio Recorder Professional
[2011/05/12 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Audio Recorder Professional
[2011/05/12 15:17:44 | 005,127,876 | ---- | C] (Loadtrend, Inc. ) -- C:\Documents and Settings\Todd\Desktop\WindowsAudioRecorder.exe
[2011/05/06 14:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/06 14:41:37 | 000,589,640 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Todd\Desktop\GoogleEarthSetup(1).exe
[2011/05/05 17:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\email pics
[2011/05/04 21:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/04 21:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/04 21:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/04 21:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Start Menu\Programs\GoBox
[2011/05/03 18:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\GoBox Toolbar
[2010/01/20 23:12:29 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[2010/01/20 23:12:28 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCR80.dll

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,065,348 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.wpd
[2011/05/16 15:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 15:38:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/16 15:37:52 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
[2011/05/16 15:36:49 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 15:36:25 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 15:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/16 15:27:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/16 08:06:02 | 115,162,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/14 13:50:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.scr
[2011/05/14 13:50:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/05/13 16:37:59 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Todd\Desktop\Firefox Setup 4.0.1.exe
[2011/05/13 15:29:46 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Todd\Desktop\Firefox%20Setup%204.0.1[1].exe
[2011/05/12 16:51:40 | 007,340,198 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan 3.mp3
[2011/05/12 16:28:51 | 009,444,622 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Jim Poston conversation 5 11 2011.mp3
[2011/05/12 16:17:11 | 003,346,180 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo 2nd call 5 12 2011.mp3
[2011/05/12 15:52:53 | 003,581,909 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 2.mp3
[2011/05/12 15:47:17 | 004,785,631 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 1.mp3
[2011/05/12 15:39:34 | 002,401,592 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo call 5 12 2011.mp3
[2011/05/12 15:27:51 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:27:11 | 014,521,008 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Todd\Desktop\audacity-win-unicode-1.3.13.exe
[2011/05/12 15:20:31 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Windows Audio Recorder Professional.lnk
[2011/05/12 15:18:16 | 005,127,876 | ---- | M] (Loadtrend, Inc. ) -- C:\Documents and Settings\Todd\Desktop\WindowsAudioRecorder.exe
[2011/05/12 15:07:51 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 222.wav
[2011/05/12 15:07:06 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 22.wav
[2011/05/12 15:04:31 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 1.wav
[2011/05/12 14:58:52 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 2.wav
[2011/05/12 14:52:10 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 2.wav
[2011/05/12 14:49:24 | 002,646,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 1.wav
[2011/05/11 21:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/11 09:59:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/07 15:58:58 | 000,002,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2010 Deluxe.lnk
[2011/05/06 14:43:36 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/06 14:41:33 | 000,589,640 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Desktop\GoogleEarthSetup(1).exe
[2011/05/06 14:21:04 | 000,035,315 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\TXDPSLicenseeTODDS DRIVING RECORD.pdf
[2011/05/06 14:02:46 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Mozilla Firefox.lnk
[2011/05/05 17:16:15 | 000,575,653 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\14 boat 1.JPG
[2011/05/04 21:46:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/04 21:37:46 | 000,001,173 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/05/04 21:37:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/04 21:37:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/03 18:54:21 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk
[2011/04/25 15:43:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/22 17:56:13 | 000,205,223 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2011/05/12 16:51:18 | 007,340,198 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan 3.mp3
[2011/05/12 16:28:22 | 009,444,622 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Jim Poston conversation 5 11 2011.mp3
[2011/05/12 16:17:00 | 003,346,180 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo 2nd call 5 12 2011.mp3
[2011/05/12 15:52:42 | 003,581,909 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 2.mp3
[2011/05/12 15:47:02 | 004,785,631 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\lana sloan lib mutual 1.mp3
[2011/05/12 15:39:26 | 002,401,592 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sanfillippo call 5 12 2011.mp3
[2011/05/12 15:27:51 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:27:51 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/12 15:20:31 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Windows Audio Recorder Professional.lnk
[2011/05/12 15:07:51 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 222.wav
[2011/05/12 15:07:06 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 22.wav
[2011/05/12 15:04:31 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 1.wav
[2011/05/12 14:58:52 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Lana Sloan 2.wav
[2011/05/12 14:52:10 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 2.wav
[2011/05/12 14:49:24 | 002,646,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Sanfillippo 1.wav
[2011/05/06 14:43:36 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/06 14:42:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 14:42:12 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 14:21:04 | 000,035,315 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\TXDPSLicenseeTODDS DRIVING RECORD.pdf
[2011/05/06 14:02:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Mozilla Firefox.lnk
[2011/05/04 21:46:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/03 18:54:21 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk
[2010/08/03 03:15:51 | 000,188,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 14:11:16 | 000,068,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/14 10:10:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/04/14 10:10:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/04/14 10:10:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/04/13 13:33:39 | 000,107,058 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/04/13 13:33:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2009/04/21 19:04:31 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2009/04/21 19:04:31 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/13 09:37:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/09/13 09:37:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/23 20:48:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\$_hpcst$.hpc
[2007/12/04 22:18:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/11/03 22:09:55 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/05 21:35:00 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\MumboJumbo.ini
[2007/10/05 21:35:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Todd\Application Data\ud_soundmanager.ini
[2007/06/20 15:46:41 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2007/05/13 22:40:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/26 22:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/12/02 16:33:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Todd.ini
[2006/05/01 15:01:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/25 22:24:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\hw.ini
[2005/08/28 19:49:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2005/08/28 19:49:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/08/28 19:47:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2005/07/20 18:52:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 19:47:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\bbuninst.exe
[2005/02/22 23:29:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/10 21:20:13 | 000,001,096 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2004/10/21 10:34:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:15:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/18 16:52:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/07/18 16:46:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/07/18 16:45:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/06/13 11:32:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2004/04/17 10:47:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JPR.{PB
[2004/04/17 10:47:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JCM.{PB
[2004/04/14 20:11:24 | 000,001,922 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/09 12:48:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/09 12:42:26 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/09 12:38:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/09 12:36:54 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/03/09 12:36:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/03/09 12:36:42 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/03/09 12:36:42 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/03/09 12:36:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/03/09 12:36:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/03/09 12:36:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/03/09 12:36:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/03/09 12:35:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/03/09 12:32:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/09 12:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/09 12:14:52 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/09 12:14:52 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/09 12:01:22 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/30 18:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 18:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2002/09/03 10:05:08 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.doc:SummaryInformation

< End of report >


OTL Extras logfile created on: 5/16/2011 03:44:58 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.31 Gb Free Space | 29.96% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application -- (Jasc Software)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\MumboJumbo\Luxor\luxor.exe" = C:\Program Files\MumboJumbo\Luxor\luxor.exe:*:Disabled:Luxor
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)
"C:\Program Files\Adobe Media Player\Adobe Media Player.exe" = C:\Program Files\Adobe Media Player\Adobe Media Player.exe:*:Enabled:Adobe Media Player -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}" = MSN Messenger 6.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D111D725-97AB-4654-B866-21700C703E86}" = HHD Software Hex Editor
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DD0B4C27-B1D9-40BE-AC96-68228FAC2149}" = HyperLoad - Candystand Billiards
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AV Security Suite Platinum" = AV Security Suite Platinum
"AVG" = AVG 2011
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Extreme HU 1.6" = Extreme HU 1.6
"gobox" = GoBox Toolbar
"Hex Workshop v4.20" = Hex Workshop v4.23
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"KeyRipper" = KeyRipper 3.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 3300 Series" = Lexmark 3300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Loader_is1" = Loader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nagra Master - ROM 102 Utility" = Nagra Master - ROM 102 Utility 1.3 (BETA)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PVRLoader_is1" = PVRLoader
"RealPlayer 6.0" = RealOne Player
"Sewer Run_is1" = Sewer Run
"Shockwave" = Shockwave
"ST6UNST #1" = FOXPRO Programmer
"Tier Creator for Dummies II" = Tier Creator for Dummies II
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VSHD Loader_is1" = VSHD Loader 1.0
"Windows Audio Recorder Professional_is1" = Windows Audio Recorder Professional 5.00
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2011 09:10:28 AM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description =

Error - 5/16/2011 09:10:28 AM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description =

Error - 5/16/2011 01:30:05 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description =

Error - 5/16/2011 01:30:05 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description =

Error - 5/16/2011 01:30:05 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description =

Error - 5/16/2011 01:30:05 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description =

Error - 5/16/2011 01:30:16 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description =

Error - 5/16/2011 01:30:16 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description =

Error - 5/16/2011 01:30:16 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752570
Description =

Error - 5/16/2011 01:30:16 PM | Computer Name = BEDROOM | Source = LiveUpdate | ID = 2752567
Description =

[ System Events ]
Error - 5/13/2011 10:30:37 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The WMDM PMSP Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/14/2011 10:01:14 PM | Computer Name = BEDROOM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 000CF1B69362 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/15/2011 01:06:29 AM | Computer Name = BEDROOM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 000CF1B69362 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/15/2011 01:08:51 AM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7000
Description = The Kodak Camera Connection Software service failed to start due to
the following error: %%3

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 04:27:13 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#4 fullspeed2 (Topic Starter, Member, 19 posts)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6593

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 07:22:11 PM
mbam-log-2011-05-16 (19-22-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 312300
Time elapsed: 3 hour(s), 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 13
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HiSoft\CrackDownloader (CrackTool.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AV Security Suite Platinum (Rogue.SecuritySuitePlatinum) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Security Suite Platinum (Rogue.SecuritySuitePlatinum) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Todd\Local Settings\Application Data\pcr.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Todd\application data\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\Todd\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\Todd\application data\errorsmart\registry backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\errorsmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\errorsmart\microsoft.vc80.crt (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\errorsmart\microsoft.vc80.mfc (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\SideFind (Adware.ISTBar) -> Quarantined and deleted successfully.
c:\program files\yoursitebar (Adware.ISTBar) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Todd\application data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\errorsmart scheduled scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\Todd\application data\errorsmart\Log\2008 feb 20 - 03_30_00 am_688.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\Todd\application data\errorsmart\registry backups\2008-01-26_17-00-45.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\yoursitebar\imagemap_normal.bmp (Adware.ISTBar) -> Quarantined and deleted successfully.
c:\program files\yoursitebar\version.txt (Adware.ISTBar) -> Quarantined and deleted successfully.
c:\program files\yoursitebar\yoursitebar.xml (Adware.ISTBar) -> Quarantined and deleted successfully.

#5 fullspeed2 (Topic Starter, Member, 19 posts)

ComboFix 11-05-16.02 - Todd 05/16/2011 22:29:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2142 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\george1.exe.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Todd\Templates\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
c:\program files\Altnet
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sfx.xmd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab
c:\program files\Internet Explorer\SET45BB.tmp
c:\program files\Internet Explorer\SET45F5.tmp
c:\program files\Internet Explorer\SETA349.tmp
c:\program files\Internet Explorer\SETA37B.tmp
c:\windows\Readme.txt
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
c:\windows\Tasks\ovieuiol.job
C:\zip.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\Todd\Application Data\Malwarebytes
2011-05-16 21:00 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 21:00 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 20:27 . 2011-05-16 20:27 -------- dc----w- C:\_OTL
2011-05-12 20:38 . 2011-05-12 20:38 -------- d-----w- c:\program files\Lame For Audacity
2011-05-12 20:27 . 2011-05-12 21:56 -------- d-----w- c:\documents and settings\Todd\Application Data\Audacity
2011-05-12 20:27 . 2011-05-12 20:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-05-12 20:20 . 2011-05-12 20:22 -------- d-----w- c:\program files\Windows Audio Recorder Professional
2011-05-06 19:02 . 2011-05-06 19:02 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:02 . 2011-05-06 19:02 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:02 . 2011-05-06 19:02 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:02 . 2011-05-06 19:02 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:02 . 2011-05-06 19:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:02 . 2011-05-06 19:02 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:02 . 2011-05-06 19:02 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 02:45 . 2011-05-05 02:45 -------- d-----w- c:\program files\iPod
2011-05-05 02:45 . 2011-05-05 02:46 -------- d-----w- c:\program files\iTunes
2011-05-05 02:41 . 2011-05-05 02:41 -------- d-----w- c:\program files\Bonjour
2011-05-03 23:54 . 2011-05-03 23:54 -------- d-----w- c:\program files\GoBox Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 02:13 . 2007-11-04 03:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-07 05:33 . 2008-09-13 14:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-09-13 14:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-09-13 14:36 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-09-13 14:38 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36 . 2009-03-12 02:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 21:36 . 2008-12-31 02:00 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2008-09-13 14:36 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-09-13 14:36 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 22:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-01-13 20:45 . 2010-01-21 04:12 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 11:54 . 2010-01-21 04:12 626688 -c--a-w- c:\program files\Common Files\MSVCR80.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-09 151597]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
c:\documents and settings\Todd\Start Menu\Programs\Startup\
GoBox.lnk - c:\program files\GoBox Toolbar\gobox_desktop.exe [2011-5-3 446464]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-6-10 341328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 -c--a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 23:55 196608 -c--a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 23:55 311296 -c--a-w- c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 01:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2011 02:42 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 07:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2011 02:42 PM 136176]
S4 CmdFdc;CmdFdc; [x]
S4 gwiopm;gwiopm; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 19:41]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amphire.net\commerce
Trusted Zone: csplans.com\teamsterups
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-EPSON Stylus CX5400 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
MSConfigStartUp-EzPrint - c:\program files\Lexmark 2400 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-lxcrmon - c:\program files\Lexmark 2400 Series\lxcrmon.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Lexmark Fax Solutions - c:\program files\Lexmark Fax Solutions\Install\x86\Uninst.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 22:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="refobaju.dll,c:\\windows\\system32\\vebimayo.dll,refobaju.dll,c:\\windows\\system32\\kiduruka.dll,c:\\windows\\system32\\goyetude.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-16 22:54:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-17 03:54
.
Pre-Run: 24,392,663,040 bytes free
Post-Run: 24,264,175,616 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9FD8FF459012148613392C48E5DA0861
  • 0

#6
fullspeed2

    Member

  • Topic Starter
  • Member
  • 19 posts
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\vebimayo.dll
c:\windows\system32\refobaju.dll
c:\windows\system32\kiduruka.dll
c:\windows\system32\goyetude.dll
c:\program files\GoBox Toolbar\gobox_desktop.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\AppleSoftwareUpdate.job

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | C:\windows\atapi.sys
c:\windows\ServicePackFiles\i386\atapi.sys | C:\windows\system32\atapi.sys

Driver::
CmdFdc
gwiopm
gupdatem
gupdate

Folder::
c:\program files\GoBox Toolbar

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0
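The File:: and FCopy:: blocks in the script above are built by hand from two places in the ComboFix log: the Sigcheck lines for atapi.sys and the AppInit_DLLs value. The following is an added example, not Ron's script or part of ComboFix, that parses constructed copies of those log lines and generates the same two blocks; it assumes that a Sigcheck entry tagged [7] passed the signature check and one tagged [-] failed it, and that bare DLL names in AppInit_DLLs live in system32, as the script above treats them.

```python
import re

# Constructed sample: the Sigcheck lines from the ComboFix log posted earlier in this thread.
SIGCHECK_SAMPLE = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
"""

# Constructed sample: the AppInit_DLLs value exactly as the log prints it (REGEDIT4 escaping,
# so every backslash is doubled and the same DLL can appear more than once).
APPINIT_SAMPLE = r'"Appinit_Dlls"="refobaju.dll,c:\\windows\\system32\\vebimayo.dll,refobaju.dll,c:\\windows\\system32\\kiduruka.dll,c:\\windows\\system32\\goyetude.dll"'

# One Sigcheck line: [status] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r'^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})'
    r'\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$'
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["version_tuple"] = tuple(int(p) for p in entry["version"].split("."))
            entries.append(entry)
    return entries


def plan_fcopy(entries, good_status="7"):
    """Pair every copy of a file that failed the check with the highest-version copy
    that passed it. Assumption: status "7" means passed, anything else means failed."""
    by_name = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append(e)
    pairs = []
    for group in by_name.values():
        good = [e for e in group if e["status"] == good_status]
        bad = [e for e in group if e["status"] != good_status]
        if not good or not bad:
            continue  # nothing to restore, or no trusted source to restore from
        source = max(good, key=lambda e: e["version_tuple"])
        pairs.extend((source["path"], b["path"]) for b in bad)
    return pairs


def parse_appinit(reg_line, system32=r"c:\windows\system32"):
    """Split the AppInit_DLLs value into distinct full paths. Bare names are assumed
    to resolve to system32; duplicates (refobaju.dll is listed twice) are dropped."""
    m = re.search(r'"Appinit_Dlls"="(.*)"', reg_line, re.IGNORECASE)
    if not m:
        return []
    value = m.group(1).replace("\\\\", "\\")  # undo REGEDIT4 backslash doubling
    seen, paths = set(), []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        path = item if "\\" in item else system32 + "\\" + item
        if path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return paths


def build_cfscript(file_paths, fcopy_pairs):
    """Render the File:: and FCopy:: blocks in the CFScript layout used above."""
    lines = ["File::", *file_paths, "", "FCopy::"]
    lines += [f"{src} | {dst}" for src, dst in fcopy_pairs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    sig = parse_sigcheck(SIGCHECK_SAMPLE)
    print(build_cfscript(parse_appinit(APPINIT_SAMPLE), plan_fcopy(sig)))
```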

#8
fullspeed2

    Member

  • Topic Starter
  • Member
  • 19 posts
ComboFix 11-05-16.02 - Todd 05/17/2011 8:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2061 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\george1.exe.exe
Command switches used :: c:\documents and settings\Todd\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\GoBox Toolbar\gobox_desktop.exe"
"c:\windows\system32\goyetude.dll"
"c:\windows\system32\kiduruka.dll"
"c:\windows\system32\refobaju.dll"
"c:\windows\system32\vebimayo.dll"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GoBox Toolbar
c:\program files\GoBox Toolbar\gobox.dll
c:\program files\GoBox Toolbar\gobox_desktop.exe
c:\program files\GoBox Toolbar\gobox_helper.dll
c:\program files\GoBox Toolbar\toolbar.ini
c:\program files\GoBox Toolbar\uninstall.exe
c:\program files\GoBox Toolbar\Updates\version.txt
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\atapi.sys
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CMDFDC
-------\Legacy_GUPDATE
-------\Service_CmdFdc
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gwiopm
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 13:57 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\atapi.sys
2011-05-17 13:57 . 2008-04-13 18:40 96512 ----a-w- c:\windows\atapi.sys
2011-05-17 04:18 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-17 04:18 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-17 04:18 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-17 04:18 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-17 04:18 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-17 04:18 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-17 04:18 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-17 04:18 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-17 04:18 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-17 04:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-17 04:18 . 2011-05-17 04:18 -------- d-----w- c:\program files\AVAST Software
2011-05-17 04:18 . 2011-05-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\Todd\Application Data\Malwarebytes
2011-05-16 21:00 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 21:00 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 20:27 . 2011-05-16 20:27 -------- dc----w- C:\_OTL
2011-05-12 20:38 . 2011-05-12 20:38 -------- d-----w- c:\program files\Lame For Audacity
2011-05-12 20:27 . 2011-05-12 21:56 -------- d-----w- c:\documents and settings\Todd\Application Data\Audacity
2011-05-12 20:27 . 2011-05-12 20:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-05-12 20:20 . 2011-05-12 20:22 -------- d-----w- c:\program files\Windows Audio Recorder Professional
2011-05-06 19:02 . 2011-05-06 19:02 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:02 . 2011-05-06 19:02 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:02 . 2011-05-06 19:02 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:02 . 2011-05-06 19:02 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:02 . 2011-05-06 19:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:02 . 2011-05-06 19:02 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:02 . 2011-05-06 19:02 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 02:45 . 2011-05-05 02:45 -------- d-----w- c:\program files\iPod
2011-05-05 02:45 . 2011-05-05 02:46 -------- d-----w- c:\program files\iTunes
2011-05-05 02:41 . 2011-05-05 02:41 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 02:13 . 2007-11-04 03:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-07 05:33 . 2008-09-13 14:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-09-13 14:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-09-13 14:36 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-09-13 14:38 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36 . 2009-03-12 02:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 21:36 . 2008-12-31 02:00 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2008-09-13 14:36 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-09-13 14:36 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 22:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-01-13 20:45 . 2010-01-21 04:12 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 11:54 . 2010-01-21 04:12 626688 -c--a-w- c:\program files\Common Files\MSVCR80.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-09 151597]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\Todd\Start Menu\Programs\Startup\
GoBox.lnk - c:\qoobox\Quarantine\C\Program Files\GoBox Toolbar\gobox_desktop.exe.vir [2011-5-3 446464]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-6-10 341328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 -c--a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 23:55 196608 -c--a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 23:55 311296 -c--a-w- c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 01:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [5/16/2011 11:18 PM 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/16/2011 11:18 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/16/2011 11:18 PM 19544]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 07:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amphire.net\commerce
Trusted Zone: csplans.com\teamsterups
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-gobox - c:\program files\GoBox Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 09:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="refobaju.dll,c:\\windows\\system32\\vebimayo.dll,refobaju.dll,c:\\windows\\system32\\kiduruka.dll,c:\\windows\\system32\\goyetude.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-17 09:34:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-17 14:34
ComboFix2.txt 2011-05-17 03:54
.
Pre-Run: 23,823,351,808 bytes free
Post-Run: 23,815,299,072 bytes free
.
- - End Of File - - 4C403008F603FF15FC324EF7F7EAADD5
#9 fullspeed2 (Member, Topic Starter)
The aswMBR 'Fix' button was enabled... here is the log... BTW, thanks so much for all your help.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-17 10:17:18
-----------------------------
10:17:18.282 OS Version: Windows 5.1.2600 Service Pack 3
10:17:18.282 Number of processors: 1 586 0x209
10:17:18.282 ComputerName: BEDROOM UserName: Todd
10:17:18.782 Initialize success
10:17:33.470 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:17:33.470 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
10:17:35.501 Disk 0 MBR read successfully
10:17:35.501 Disk 0 MBR scan
10:17:35.501 Disk 0 Windows XP default MBR code
10:17:37.501 Disk 0 scanning sectors +156232125
10:17:37.532 Disk 0 scanning C:\WINDOWS\system32\drivers
10:17:47.892 Service scanning
10:17:48.923 Disk 0 trace - called modules:
10:17:48.938 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:17:48.954 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae92ab8]
10:17:48.954 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af16d98]
10:17:48.954 Scan finished successfully
10:18:25.501 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Todd\Desktop\MBR.dat"
10:18:25.501 The log file has been saved successfully to "C:\Documents and Settings\Todd\Desktop\aswMBR.txt"
#10 RKinner (Malware Expert, MVP)
Are you sure that the FIX button and not the FixMBR button is enabled? If it is, then please press it, but it doesn't look like it would be.

I didn't quite get the atapi.sys replacement right last time.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

FCopy::
c:\windows\atapi.sys | c:\windows\SYSTEM32\DRIVERS\atapi.sys
c:\windows\atapi.sys | c:\windows\system32\dllcache\atapi.sys



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

How is it running now?

Ron
#11 fullspeed2 (Member, Topic Starter)
I'm sorry, you are right: the Fix is faded; it is the FixMBR that is enabled. Should I still run the script that you put in your last reply?
#12 fullspeed2 (Member, Topic Starter)
Ron, it's running much better. The original problem of Firefox not opening correctly is fixed. Thanks so much for your help! I ran the script you created in George.exe and here is the log:

ComboFix 11-05-17.03 - Todd 05/18/2011 13:23:56.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2040 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\george1.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-17 13:57 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\atapi.sys
2011-05-17 13:57 . 2008-04-13 18:40 96512 ----a-w- c:\windows\atapi.sys
2011-05-17 04:18 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-17 04:18 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-17 04:18 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-17 04:18 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-17 04:18 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-17 04:18 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-17 04:18 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-17 04:18 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-17 04:18 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-17 04:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-17 04:18 . 2011-05-17 04:18 -------- d-----w- c:\program files\AVAST Software
2011-05-17 04:18 . 2011-05-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\Todd\Application Data\Malwarebytes
2011-05-16 21:00 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-16 21:00 . 2011-05-16 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 21:00 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 20:27 . 2011-05-16 20:27 -------- dc----w- C:\_OTL
2011-05-12 20:38 . 2011-05-12 20:38 -------- d-----w- c:\program files\Lame For Audacity
2011-05-12 20:27 . 2011-05-12 21:56 -------- d-----w- c:\documents and settings\Todd\Application Data\Audacity
2011-05-12 20:27 . 2011-05-12 20:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-05-12 20:20 . 2011-05-12 20:22 -------- d-----w- c:\program files\Windows Audio Recorder Professional
2011-05-06 19:02 . 2011-05-06 19:02 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 19:02 . 2011-05-06 19:02 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 19:02 . 2011-05-06 19:02 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 19:02 . 2011-05-06 19:02 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 19:02 . 2011-05-06 19:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 19:02 . 2011-05-06 19:02 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 19:02 . 2011-05-06 19:02 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 02:45 . 2011-05-05 02:45 -------- d-----w- c:\program files\iPod
2011-05-05 02:45 . 2011-05-05 02:46 -------- d-----w- c:\program files\iTunes
2011-05-05 02:41 . 2011-05-05 02:41 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 02:13 . 2007-11-04 03:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-07 05:33 . 2008-09-13 14:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-09-13 14:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-09-13 14:36 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-09-13 14:38 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 21:36 . 2009-03-12 02:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 21:36 . 2008-12-31 02:00 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-13 20:45 . 2010-01-21 04:12 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 11:54 . 2010-01-21 04:12 626688 -c--a-w- c:\program files\Common Files\MSVCR80.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-09 151597]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\Todd\Start Menu\Programs\Startup\
GoBox.lnk - c:\qoobox\Quarantine\C\Program Files\GoBox Toolbar\gobox_desktop.exe.vir [2011-5-3 446464]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-6-10 341328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 -c--a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 23:55 196608 -c--a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 23:55 311296 -c--a-w- c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 01:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [5/16/2011 11:18 PM 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/16/2011 11:18 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/16/2011 11:18 PM 19544]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 07:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amphire.net\commerce
Trusted Zone: csplans.com\teamsterups
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="refobaju.dll,c:\\windows\\system32\\vebimayo.dll,refobaju.dll,c:\\windows\\system32\\kiduruka.dll,c:\\windows\\system32\\goyetude.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-18 13:48:03
ComboFix-quarantined-files.txt 2011-05-18 18:47
ComboFix2.txt 2011-05-17 14:34
ComboFix3.txt 2011-05-17 03:54
.
Pre-Run: 23,520,579,584 bytes free
Post-Run: 23,396,167,680 bytes free
.
- - End Of File - - 70E8D6311D3A7B664B1B6E78212D5B82
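The Sigcheck block in the log above is the evidence behind the atapi.sys question: the copy under SYSTEM32\DRIVERS (the one the kernel actually loads) still has the old 5.1.2600.1106 hash while the ServicePackFiles reference is 5.1.2600.5512. The parser below, added here as an example and not ComboFix's or the forum's code, reads that block and classifies each copy against the reference; the meaning of the [7]/[-] flags and the choice of directories treated as expected-stale backups are assumptions.

```python
"""Parse the 'Sigcheck' block of a ComboFix log and classify each copy of a
driver against the reference copy under ServicePackFiles\\i386.

Added example, not ComboFix's or the forum's code. Assumptions: ComboFix
writes [7] for a verified entry and [-] for an unverified one, and the two
directory names in BACKUP_MARKERS hold superseded copies that are expected
to differ from the reference.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class SigEntry(NamedTuple):
    flag: str      # "7" or "-" (ComboFix verification flag, assumed meaning)
    date: str
    md5: str
    size: int
    version: str
    path: str


# One Sigcheck line: "[7] 2008-04-13 . <md5> . <size> . . [<version>] . . <path>"
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

REFERENCE_DIR = "\\servicepackfiles\\"          # known-good Service Pack copy
BACKUP_MARKERS = ("\\$ntservicepackuninstall$\\", "\\reinstallbackups\\")
LOADED_DRIVER_DIR = "\\system32\\drivers\\"     # where the kernel loads drivers from

# Sigcheck lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""


def parse_sigcheck(log_text: str) -> List[SigEntry]:
    """Return the Sigcheck entries; the block ends at the next section banner."""
    entries: List[SigEntry] = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_block = True
            continue
        if in_block and line.startswith("(((("):
            break
        if not in_block:
            continue
        m = SIGCHECK_LINE.match(line)
        if m:
            entries.append(SigEntry(m["flag"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


def file_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(entries: List[SigEntry]) -> Dict[str, str]:
    """Map each path to reference / match / backup / mismatch / no-reference."""
    groups: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        groups[file_name(e.path)].append(e)
    verdicts: Dict[str, str] = {}
    for group in groups.values():
        ref = next((e for e in group if REFERENCE_DIR in e.path.lower()), None)
        for e in group:
            lower = e.path.lower()
            if ref is None:
                verdicts[e.path] = "no-reference"
            elif e == ref:
                verdicts[e.path] = "reference"
            elif e.md5 == ref.md5 and e.size == ref.size:
                verdicts[e.path] = "match"
            elif any(marker in lower for marker in BACKUP_MARKERS):
                verdicts[e.path] = "backup"     # superseded copy, expected to differ
            else:
                verdicts[e.path] = "mismatch"
    return verdicts


def loaded_driver_mismatches(entries: List[SigEntry]) -> List[str]:
    """Only the copy under system32\\drivers is what the kernel loads, so a
    mismatch there is the one worth acting on (the FCopy in the script above)."""
    return sorted(path for path, verdict in classify(entries).items()
                  if verdict == "mismatch" and LOADED_DRIVER_DIR in path.lower())


if __name__ == "__main__":
    parsed = parse_sigcheck(SAMPLE_LOG)
    verdicts = classify(parsed)
    for e in parsed:
        print(f"[{e.flag}] {e.version:<14} {e.md5}  {verdicts[e.path]:<12} {e.path}")
    print("loaded-driver mismatches:", loaded_driver_mismatches(parsed))
```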
#13 RKinner (Malware Expert, MVP)
I can't seem to get it to use the newer atapi.sys. Don't know why. The one it is using is an older version but appears to be a valid one.

Let's do a general checkup and see if we have any errors to worry about:

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check Disk options is displayed.
4. Check both boxes and then click Start.

You will receive the following message:
"The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?"
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.


Ron
#14 fullspeed2 (Member, Topic Starter)
a3d.dll
oembios.bin
oembios.dat
oembios.sig
omci.sys
acfpdf.txt
acpdf207.dll
acpdfui207.dll
lxpr2fax.gpd

These were the unsigned files.
#15 fullspeed2 (Member, Topic Starter)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/05/2011 10:50:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~