(Program name).exe not a valid windows image


#1 Id_Whispers
Member, 19 posts
Can someone find and kill this pesky critter?

Looking over a friend's shoulder via Crossloop - cleaning up a friend's 'puter - smut removal, multiple virus scanners, and a raft of "complication". Malwarebytes scan was run, Microsoft Essentials was installed and a scan run, and IE8 re-installed. But I can't find this pesky error box that keeps popping up. He says he got it while browsing a porn site. OTL info follows:

OTL logfile created on: 6/2/2011 12:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 544.16 Mb Available Physical Memory | 53.25% Memory free
1.66 Gb Paging File | 1.12 Gb Available in Paging File | 67.42% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.34 Gb Total Space | 45.39 Gb Free Space | 63.62% Space Free | Partition Type: NTFS

Computer Name: BEAR-E1A69A5ACD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe (GlavSoft LLC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Paltalk Messenger\ctrlkey.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\screenhooks.dll ()


========== Win32 Services (SafeList) ==========

SRV - (maconfservice) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (CrossLoopService) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (tvnserver) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe (GlavSoft LLC.)
SRV - (UxTuneUp) -- C:\WINDOWS\SYSTEM32\uxtuneup.dll (TuneUp Software GmbH)


========== Driver Services (SafeList) ==========

DRV - (MpKsl8260eee5) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C490B2DC-5A08-4E4E-8422-DDA0A75B6C00}\MpKsl8260eee5.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (RT73) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ca/Default.aspx
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sympatico...a/Default.aspx"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/21 22:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/21 10:19:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/24 00:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/13 10:25:11 | 000,000,000 | ---D | M]

[2011/05/24 00:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla\Extensions
[2011/05/24 00:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 00:33:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/22 13:22:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/09 11:00:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/21 10:19:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/19 12:49:51 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/11/21 22:36:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/11/10 06:43:30 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/11/21 17:45:04 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/11/21 17:45:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/05/30 12:25:17 | 000,000,822 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1306264008328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/02 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 12:52:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
[2011/06/01 15:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/06/01 15:12:14 | 000,765,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 14:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Tracing
[2011/06/01 14:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/06/01 14:26:26 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/06/01 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/06/01 14:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/06/01 14:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/01 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/26 16:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\WINDOWS
[2011/05/26 04:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\ApplicationHistory
[2011/05/25 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/05/25 14:49:16 | 014,166,074 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/25 09:21:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/25 09:21:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/24 17:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/05/24 16:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/24 16:57:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/24 16:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/24 16:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/24 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/24 16:54:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/24 16:51:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/05/24 16:51:26 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/05/24 16:51:26 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/05/24 16:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/05/24 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/24 15:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\Downloads
[2011/05/24 15:32:30 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/24 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\Mozilla
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla
[2011/05/23 18:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira
[2011/05/23 17:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/05/23 17:59:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/23 17:59:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/23 17:59:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/23 17:59:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/23 17:59:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\CrossLoop
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop
[2011/05/23 13:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Malwarebytes
[2011/05/23 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/23 12:53:57 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/23 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/05/23 12:48:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners
[2011/05/23 12:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HijackThis
[2011/05/23 12:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/23 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/05/23 07:36:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Recent
[2011/05/16 04:48:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 12:52:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
[2011/06/02 11:32:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job
[2011/06/02 04:54:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/02 04:49:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 15:12:16 | 000,765,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 15:07:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 14:54:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 14:40:54 | 000,501,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/01 14:40:54 | 000,086,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/01 14:35:59 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/30 12:25:17 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 20:29:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/27 17:15:40 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/05/25 15:15:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/25 14:56:59 | 014,166,074 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/24 16:54:53 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 15:43:35 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:29:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:04:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 13:16:55 | 000,016,417 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 13:16:55 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 00:34:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 15:23:34 | 000,005,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110523-152334.backup
[2011/05/23 13:36:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/23 12:58:32 | 000,004,711 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:40:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/16 20:04:59 | 007,190,072 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\PalMotion211D.exe
[2011/05/13 04:49:58 | 000,176,694 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp
[2011/05/08 15:00:53 | 000,213,148 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Ringtone1.mp3
[2011/05/04 13:31:47 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 16:54:53 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Search.lnk
[2011/05/24 16:54:53 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 16:47:21 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/24 15:43:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:34:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/24 15:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:29:13 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/24 15:04:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 15:04:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\Internet Explorer.lnk
[2011/05/24 13:16:55 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 13:16:54 | 000,016,417 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 00:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/24 00:33:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 16:30:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 12:58:31 | 000,004,711 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:53:14 | 000,176,694 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp
[2011/05/23 12:33:12 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/08 15:00:52 | 000,213,148 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Ringtone1.mp3
[2011/03/19 18:26:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 14:01:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/11/16 21:45:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/16 21:45:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/16 21:45:11 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/16 21:45:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/16 21:45:11 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/16 21:45:11 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/16 21:45:11 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/16 21:45:11 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/16 21:45:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/16 21:45:11 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/16 21:45:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/16 21:45:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/16 21:44:12 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2010/11/16 18:09:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 18:01:29 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/16 12:52:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/16 12:50:13 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 22:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/13 22:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,501,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,086,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\win32sta.dll
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/23 14:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/11/16 21:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2010/11/18 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TP-LINK Driver
[2010/11/19 13:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2011/06/01 15:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/01/07 15:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Free PDF Tablet
[2010/11/16 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Leadertech
[2011/05/24 14:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ManyCam
[2010/11/18 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Paltalk
[2011/05/23 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\PriceGong
[2010/11/18 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Tific
[2010/11/19 13:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TuneUp Software
[2010/11/19 13:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Uniblue
[2011/05/24 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/25 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/05/27 17:15:40 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2011/06/02 04:54:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 13:14:48 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/06/02 11:32:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 6/2/2011 12:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 544.16 Mb Available Physical Memory | 53.25% Memory free
1.66 Gb Paging File | 1.12 Gb Available in Paging File | 67.42% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.34 Gb Total Space | 45.39 Gb Free Space | 63.62% Space Free | Partition Type: NTFS

Computer Name: BEAR-E1A69A5ACD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\rundll32.exe" = C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CrossLoop_is1" = CrossLoop 2.74
"DivX Setup.divx.com" = DivX Setup
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PalTalk8.2" = Paltalk Messenger
"PROSet" = Intel® PRO Network Connections Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2011 7:07:20 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:09:27 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:10:01 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:10:05 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:22:14 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:24:00 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:24:03 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:25:45 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:25:49 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

Error - 5/27/2011 7:25:52 AM | Computer Name = BEAR-E1A69A5ACD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x7ff91277.

[ System Events ]
Error - 5/30/2011 4:04:22 PM | Computer Name = BEAR-E1A69A5ACD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/30/2011 4:05:47 PM | Computer Name = BEAR-E1A69A5ACD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/30/2011 4:05:49 PM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 6/1/2011 2:25:59 PM | Computer Name = BEAR-E1A69A5ACD | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 6/1/2011 2:25:59 PM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 6/1/2011 2:25:59 PM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/1/2011 2:39:13 PM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 6/1/2011 2:39:13 PM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 6/2/2011 4:50:29 AM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 6/2/2011 4:50:29 AM | Computer Name = BEAR-E1A69A5ACD | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
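The firewall sections of the Extras log above are structured enough to triage mechanically rather than by eye. The script below is an added example (not part of Id_Whispers' post and not an OTL feature): it parses the GloballyOpenPorts and AuthorizedApplications entries in the format OTL prints and flags the rules a reviewer would want to look at first: a port open to any remote address (the 5910/TCP VNC rule), an executable under a user profile allowed from any address (CrossLoop's tvnserver.exe), an entry for which OTL reports no company name (maconfservice.exe), and rundll32.exe itself being whitelisted. The sample input is copied from the log above; the finding labels, the "user profile" path test and the choice of what to flag are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Sample input: lines copied from the "Firewall Settings" and
# "Authorized Applications List" sections of the OTL Extras log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
"C:\WINDOWS\SYSTEM32\rundll32.exe" = C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
'''

# OTL prints each registry value as:  "<name>" = <value>[ -- (Company Name)]
_ENTRY = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s--\s\((?P<company>.*)\))?$')


@dataclass
class Finding:
    kind: str      # short tag for the class of problem (names are this example's own)
    subject: str   # port/protocol or executable name the rule covers
    detail: str


def parse_entries(text: str) -> Iterator[Tuple[str, str, str, Optional[str]]]:
    """Yield (section header, name, value, company) for every quoted entry
    that follows a [HKEY_...] header in an OTL Extras log."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line
            continue
        m = _ENTRY.match(line)
        if m:
            yield section, m["name"], m["value"], m["company"]


def _is_user_profile_path(path: str) -> bool:
    # Assumption: anything under a user's Local Settings / Application Data
    # is writable by that user, so a firewall exception there is worth a look.
    p = path.lower()
    return "\\documents and settings\\" in p and (
        "\\local settings\\" in p or "\\application data\\" in p)


def audit(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for section, name, value, company in parse_entries(text):
        if "GloballyOpenPorts" in section:
            # value is "<port>:<proto>:<scope>:<state>:<label>"
            port, proto, scope, state, label = value.split(":", 4)
            if state.lower() == "enabled" and scope == "*":
                findings.append(Finding("open-port-any-address", f"{port}/{proto}",
                                        f"rule '{label}' admits any remote address"))
        elif "AuthorizedApplications" in section:
            # value is "<path>:<scope>:<state>:<label>"; the path itself contains a
            # colon (C:\...), so strip the path, which equals the name, before splitting
            if not value.lower().startswith(name.lower()):
                continue
            scope, state, label = value[len(name):].lstrip(":").split(":", 2)
            if state.lower() != "enabled":
                continue
            exe = name.rsplit("\\", 1)[-1].lower()
            if scope == "*" and _is_user_profile_path(name):
                findings.append(Finding("user-writable-exe-any-address", exe,
                                        f"'{label}' allows a user-profile executable from any address"))
            if company is None:
                findings.append(Finding("no-company-name", exe,
                                        "OTL reports no company name for this file; verify its publisher"))
            if exe == "rundll32.exe":
                findings.append(Finding("generic-host-authorized", exe,
                                        "whitelisting rundll32.exe admits any DLL it is asked to load"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.kind:32} {f.subject:20} {f.detail}")
```

The checks are deliberately narrow: an `*` scope on a system binary such as sessmgr.exe is normal for Remote Assistance and is not flagged, while the same scope on a binary under the user's profile is, because that is exactly where a drive-by download would drop itself and where CrossLoop's VNC server happens to live. Run it against the StandardProfile section of any OTL Extras log; the Domain profile uses the same format.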


#2
Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, Id_Whispers! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please follow the steps below:

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • RogueKiller log
  • aswMBR log
  • OTL scan log


#3
Id_Whispers (Topic Starter, Member, 19 posts)
Thank you Render.

Appended are the 3 reports as requested.

Two things to note. PalTalk and Crossloop were executing so I could talk my XP friend through the instructions, and ... we were unable to kill Avira Antivirus with Hijackthis, which was attempted long before we got you into this.

Was thinking later of

:OTL
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

But I won't attempt anything while you are assisting us, until told to do so.

Once again, thank you.

Id_Whispers.
:)

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date : 06/09/2011 12:09:30

Bad processes: 6
[SUSP PATH] screenhooks.dll -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\screenhooks.dll -> UNLOADED
[SUSP PATH] CrossLoopService.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\crossloopservice.exe -> KILLED
[SUSP PATH] WeatherEye.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\theweathernetwork\weathereye\weathereye.exe -> KILLED
[SUSP PATH] CrossLoopConnect.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\crossloopconnect.exe -> KILLED
[SUSP PATH] tvnserver.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\tvnserver.exe -> KILLED
[SUSP PATH] tvnserver.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\tvnserver.exe -> KILLED

Registry Entries: 3
[SUSP PATH] HKCU\[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1177238915-1060284298-839522115-1003[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-09 12:13:41
-----------------------------
12:13:41.546 OS Version: Windows 5.1.2600 Service Pack 3
12:13:41.546 Number of processors: 1 586 0x401
12:13:41.546 ComputerName: BEAR-E1A69A5ACD UserName: Owner
12:13:43.062 Initialize success
12:14:01.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:14:01.593 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
12:14:03.625 Disk 0 MBR read successfully
12:14:03.656 Disk 0 MBR scan
12:14:03.656 Disk 0 Windows XP default MBR code
12:14:05.671 Disk 0 scanning sectors +156232125
12:14:05.734 Disk 0 scanning C:\WINDOWS\system32\drivers
12:14:40.031 Service scanning
12:14:41.546 Disk 0 trace - called modules:
12:14:41.578 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:14:41.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8fab8]
12:14:41.625 3 CLASSPNP.SYS[f76d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f51d98]
12:14:41.625 Scan finished successfully
12:15:06.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\MBR.dat"
12:15:06.890 The log file has been saved successfully to "C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\aswMBRlog.txt"

OTL logfile created on: 6/9/2011 12:20:24 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 509.27 Mb Available Physical Memory | 49.83% Memory free
1.66 Gb Paging File | 1.10 Gb Available in Paging File | 66.61% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.34 Gb Total Space | 45.25 Gb Free Space | 63.43% Space Free | Partition Type: NTFS

Computer Name: BEAR-E1A69A5ACD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 12:18:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
PRC - [2011/05/29 00:56:00 | 013,686,536 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/17 19:23:34 | 001,183,744 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe
PRC - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 12:18:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
MOD - [2011/05/29 00:56:04 | 000,048,368 | ---- | M] () -- C:\Program Files\Paltalk Messenger\ctrlkey.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/20 12:18:58 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\screenhooks.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (maconfservice)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Stopped] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2007/05/16 10:41:18 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - [2011/06/09 04:47:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE993773-4CD5-4EAB-BAEA-B4CE8007D044}\MpKsl62451a63.sys -- (MpKsl62451a63)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/10/21 12:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/10/29 11:13:26 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sympatico...a/Default.aspx"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/24 00:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/13 10:25:11 | 000,000,000 | ---D | M]

[2011/05/24 00:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla\Extensions
[2011/05/24 00:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/11/21 10:19:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/19 12:49:51 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/11/21 22:36:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/30 12:25:17 | 000,000,822 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003..\Run: [WeatherEye] C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1306264008328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/02 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\SYSTEM32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 12:17:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
[2011/06/09 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\New Folder
[2011/06/09 12:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TightVNC
[2011/06/09 09:20:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Recent
[2011/06/08 18:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\TheWeatherNetwork
[2011/06/08 18:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork
[2011/06/01 15:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/06/01 15:12:14 | 000,765,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 14:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Tracing
[2011/06/01 14:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/06/01 14:26:26 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/06/01 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/06/01 14:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/06/01 14:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/01 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/26 16:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\WINDOWS
[2011/05/26 04:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\ApplicationHistory
[2011/05/25 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/05/25 14:49:16 | 014,166,074 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/25 09:21:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/25 09:21:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/24 17:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/05/24 16:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/24 16:57:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/24 16:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/24 16:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/24 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/24 16:54:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/24 16:51:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/05/24 16:51:26 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/05/24 16:51:26 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/05/24 16:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/05/24 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/24 15:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\Downloads
[2011/05/24 15:32:30 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/24 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\Mozilla
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla
[2011/05/23 18:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira
[2011/05/23 17:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/05/23 17:59:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/23 17:59:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/23 17:59:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/23 17:59:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/23 17:59:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\CrossLoop
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop
[2011/05/23 13:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Malwarebytes
[2011/05/23 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/23 12:53:57 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/23 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/05/23 12:48:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners
[2011/05/23 12:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HijackThis
[2011/05/23 12:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/23 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/05/16 04:48:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 12:18:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\OTL.exe
[2011/06/09 05:55:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job
[2011/06/09 04:52:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/09 04:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 13:54:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/03 04:48:18 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/01 15:12:16 | 000,765,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 14:55:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 14:40:54 | 000,501,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/01 14:40:54 | 000,086,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/30 12:25:17 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 20:29:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/27 17:15:40 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/05/25 15:15:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/25 14:56:59 | 014,166,074 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/24 16:54:53 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 15:43:35 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:29:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:04:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 13:16:55 | 000,016,417 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 13:16:55 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 00:34:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 15:23:34 | 000,005,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110523-152334.backup
[2011/05/23 13:36:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/23 12:58:32 | 000,004,711 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:40:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/16 20:04:59 | 007,190,072 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\PalMotion211D.exe
[2011/05/13 04:49:58 | 000,176,694 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 16:54:53 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Search.lnk
[2011/05/24 16:54:53 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 16:47:21 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/24 15:43:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:34:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/24 15:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:29:13 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/24 15:04:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 15:04:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\Internet Explorer.lnk
[2011/05/24 13:16:55 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 13:16:54 | 000,016,417 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 00:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/24 00:33:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 16:30:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 12:58:31 | 000,004,711 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:53:14 | 000,176,694 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp
[2011/05/23 12:33:12 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/19 18:26:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 14:01:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/11/16 21:45:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/16 21:45:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/16 21:45:11 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/16 21:45:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/16 21:45:11 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/16 21:45:11 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/16 21:45:11 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/16 21:45:11 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/16 21:45:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/16 21:45:11 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/16 21:45:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/16 21:45:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/16 21:44:12 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2010/11/16 18:09:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 18:01:29 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/16 12:52:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/16 12:50:13 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 22:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/13 22:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,501,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,086,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\win32sta.dll
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/23 14:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/11/16 21:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2010/11/18 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TP-LINK Driver
[2010/11/19 13:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2006/04/03 13:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
[2011/05/24 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY.001\Application Data\TightVNC
[2011/05/24 05:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Application Data\PriceGong
[2007/08/16 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.gaim
[2006/04/06 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2010/11/19 13:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2006/10/31 09:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bell
[2006/12/06 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digital Asphyxia
[2006/12/07 21:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/11/19 13:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/05 17:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2007/12/24 18:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/09/27 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\.gaim
[2010/11/15 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Bell
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\FrostWire
[2008/09/21 17:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\ICAClient
[2010/11/14 10:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Internet Security Suite
[2009/12/15 10:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Leadertech
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\LimeWire
[2008/06/06 09:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\MSNInstaller
[2008/10/21 20:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\OpenOffice.org
[2010/09/05 12:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Paltalk
[2009/09/21 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Rogers Online Protection
[2010/11/12 13:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\TuneUp Software
[2010/11/15 20:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Uniblue
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\uTorrent
[2011/06/01 15:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/01/07 15:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Free PDF Tablet
[2010/11/16 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Leadertech
[2011/05/24 14:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ManyCam
[2010/11/18 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Paltalk
[2011/05/23 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\PriceGong
[2010/11/18 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Tific
[2011/06/09 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TightVNC
[2010/11/19 13:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TuneUp Software
[2010/11/19 13:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Uniblue
[2011/05/24 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/25 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/05/27 17:15:40 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2011/06/09 04:52:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 13:14:48 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/06/09 05:55:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/04/18 17:16:48 | 001,951,432 | ---- | M] (Microsoft Corporation) -- C:\ppviewer.exe
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0
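The "< MD5 for: ... >" blocks in the OTL report above hash every copy of a critical system binary so that a replaced or patched copy can be spotted by comparison. As an added example, not part of the original post or of OTL itself, this Python script parses those blocks and flags any live copy whose hash differs from the ServicePackFiles\i386 cache; the pre-service-pack copy under $NtServicePackUninstall$ is expected to differ and is ignored. The sample input reuses the EXPLORER, USERINIT and WINLOGON blocks from the report above and appends a constructed SVCHOST block whose live hash is invented, so the mismatch path is exercised.

```python
import re
from collections import defaultdict

# Sample input, part 1: three blocks copied verbatim from the OTL report above.
REAL_BLOCKS = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe
"""

# Sample input, part 2: a CONSTRUCTED block. The reference hash is the real one from
# the report; the SYSTEM32 hash (all zeros) is invented to simulate a patched binary.
CONSTRUCTED_MISMATCH_BLOCK = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\SYSTEM32\svchost.exe

< %systemroot%\*. /mp /s >
"""

SAMPLE_REPORT = REAL_BLOCKS + CONSTRUCTED_MISMATCH_BLOCK

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>\s]+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$"
)


def classify_path(path):
    """Tell the three copies OTL lists apart by where they live on disk."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"   # cache written by the last service pack install
    if "$ntservicepackuninstall$" in p:
        return "pre-sp"      # pre-service-pack copy; a different hash is normal
    return "live"            # the copy Windows actually loads


def parse_md5_blocks(report):
    """Return {BINARY_NAME: [entry, ...]} from the '< MD5 for: X >' sections."""
    blocks = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            e = entry.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            e["role"] = classify_path(e["path"])
            blocks[current].append(e)
        elif line.startswith("<"):
            current = None   # some other custom-scan header ends the MD5 section
    return dict(blocks)


def check_integrity(report):
    """Compare every live copy against the ServicePackFiles reference hash."""
    results = {}
    for name, entries in parse_md5_blocks(report).items():
        reference = sorted({e["md5"] for e in entries if e["role"] == "reference"})
        live = [e for e in entries if e["role"] == "live"]
        flagged = []
        if not reference:
            verdict = "NO_REFERENCE"         # nothing trustworthy to compare against
        elif len(reference) > 1:
            verdict = "AMBIGUOUS_REFERENCE"  # cache copies disagree among themselves
        else:
            flagged = [e["path"] for e in live if e["md5"] != reference[0]]
            verdict = "MISMATCH" if flagged else "OK"
        results[name] = {"verdict": verdict, "live_copies": len(live),
                         "reference": reference, "flagged": flagged}
    return results


if __name__ == "__main__":
    for name, r in check_integrity(SAMPLE_REPORT).items():
        print(f"{name:13} {r['verdict']:9} live={r['live_copies']} flagged={r['flagged']}")
```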

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Can you please make a screenshot of that pop-up window and post it in your next reply?

Please uninstall one of these antivirus programmes: Avira or Microsoft Security Essentials.

How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

Then run this OTL fix:

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#5
Id_Whispers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi

Requested Screen Shot attached, though the message has changed. Executing any program precipitates it.

Cannot uninstall Avira Antivirus. Not on the list of installed programs in Windows XP Change/Remove population. TuneUp 2007 doesn't list it as installed either. Also there is no Uninstall executable in the Avira folder on the hard drive. If attempting to delete/shred any of it, Windows has it protected with processes running.

OTL fix log follows.

Thank you
Id_Whispers :)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Bear
->Temp folder emptied: 1585875 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 3534 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 5114 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 8438786 bytes
->Flash cache emptied: 11840 bytes

User: Owner.BEAR-82C00D4CD5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 88861413 bytes
->FireFox cache emptied: 50789478 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 165182 bytes

User: Owner.BEAR-E1A69A5ACD
->Temp folder emptied: 476556 bytes
->Temporary Internet Files folder emptied: 11517807 bytes
->Java cache emptied: 155246 bytes
->FireFox cache emptied: 326421876 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3843 bytes

User: OWNER~1~BEA

User: OWNER~2~BEA

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 102417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4124782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 87051710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 329364819 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 869.00 mb


[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Bear

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: LocalService.NT AUTHORITY.001

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: NetworkService.NT AUTHORITY.001
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Owner.BEAR-82C00D4CD5
->Flash cache emptied: 0 bytes

User: Owner.BEAR-E1A69A5ACD
->Flash cache emptied: 0 bytes

User: OWNER~1~BEA

User: OWNER~2~BEA

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_122252

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Attached Thumbnails

  • Screenshot .jpg

  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please follow the steps below:

Step 1

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC

Click Next >>. If no application is listed click on Application not found? Try this.
Select any Avira entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Step 2

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 3

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

When completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • aswMBR log

  • 0

#7
Id_Whispers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi.

Finding only Malwarebytes and Spybot, AppRemover did not find or remove the Avira virus gizmo.

Had my friend go into Safe Mode and shred the Avira folder from c:/programfiles/

Appended is the RKreport, and aswMBR logs as requested.

Additionally another OTL scan showing the few drivers remaining.

I apologize for going beyond your instructions, but my acquaintance insisted on doing something, he is frustrated and needed to see some sort of progress. He is now gone for the weekend and can continue on Monday.

Thank you
Id_Whispers
:)

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date : 06/11/2011 13:19:10

Bad processes: 2
[SUSP PATH] CrossLoopService.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\crossloopservice.exe -> KILLED
[SUSP PATH] WeatherEye.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\theweathernetwork\weathereye\weathereye.exe -> KILLED

Registry Entries: 3
[SUSP PATH] HKCU\[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1177238915-1060284298-839522115-1003[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
ÿ₫1

Finished : << RKreport[1].txt >>
RKreport[1].txt


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-11 13:22:14
-----------------------------
13:22:14.562 OS Version: Windows 5.1.2600 Service Pack 3
13:22:14.562 Number of processors: 1 586 0x401
13:22:14.562 ComputerName: BEAR-E1A69A5ACD UserName: Owner
13:22:15.140 Initialize success
13:22:25.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:22:25.031 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
13:22:27.062 Disk 0 MBR read successfully
13:22:27.062 Disk 0 MBR scan
13:22:27.062 Disk 0 Windows XP default MBR code
13:22:29.062 Disk 0 scanning sectors +156232125
13:22:29.093 Disk 0 scanning C:\WINDOWS\system32\drivers
13:22:37.359 Service scanning
13:22:38.390 Disk 0 trace - called modules:
13:22:38.390 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
13:22:38.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8fab8]
13:22:38.406 3 CLASSPNP.SYS[f76d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f51d98]
13:22:38.406 Scan finished successfully
13:23:22.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\MBR.dat"
13:23:22.187 The log file has been saved successfully to "C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\aswMBRlog.txt"


OTL logfile created on: 6/11/2011 1:27:26 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 619.27 Mb Available Physical Memory | 60.59% Memory free
1.66 Gb Paging File | 1.27 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.34 Gb Total Space | 46.00 Gb Free Space | 64.48% Space Free | Partition Type: NTFS

Computer Name: BEAR-E1A69A5ACD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
PRC - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe (GlavSoft LLC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Paltalk Messenger\ctrlkey.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\screenhooks.dll ()


========== Win32 Services (SafeList) ==========

SRV - (maconfservice) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- File not found
SRV - (AntiVirSchedulerService) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (CrossLoopService) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (tvnserver) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop\tvnserver.exe (GlavSoft LLC.)
SRV - (UxTuneUp) -- C:\WINDOWS\SYSTEM32\uxtuneup.dll (TuneUp Software GmbH)


========== Driver Services (SafeList) ==========

DRV - (MpKsl53eee5c4) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF9D60CA-F0F2-4EF0-B82E-17E80B38FD4D}\MpKsl53eee5c4.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (RT73) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ca/Default.aspx
IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sympatico...a/Default.aspx"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/21 22:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/21 10:19:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/24 00:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/13 10:25:11 | 000,000,000 | ---D | M]

[2011/05/24 00:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla\Extensions
[2011/05/24 00:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 00:33:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/22 13:22:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/09 11:00:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/21 10:19:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/19 12:49:51 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/11/21 22:36:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/11/10 06:43:30 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/11/21 17:45:04 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/11/21 17:45:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/10 12:23:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003..\Run: [WeatherEye] C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1306264008328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/02 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\fix2
[2011/06/11 13:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\RK_Quarantine
[2011/06/11 12:35:10 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\aswMBR.exe
[2011/06/11 12:30:20 | 006,443,128 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\AppRemover.exe
[2011/06/10 12:22:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\fix1
[2011/06/09 12:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TightVNC
[2011/06/09 09:20:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Recent
[2011/06/08 18:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\TheWeatherNetwork
[2011/06/08 18:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork
[2011/06/01 15:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/06/01 15:12:14 | 000,765,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 14:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Tracing
[2011/06/01 14:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/06/01 14:26:26 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/06/01 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/06/01 14:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/06/01 14:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/01 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/26 16:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\WINDOWS
[2011/05/26 04:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\ApplicationHistory
[2011/05/25 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/05/25 14:49:16 | 014,166,074 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/25 09:21:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/05/25 09:21:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/05/24 17:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/05/24 16:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/24 16:57:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/24 16:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/24 16:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/24 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/24 16:54:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/24 16:51:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/05/24 16:51:26 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/05/24 16:51:26 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/05/24 16:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/05/24 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/24 15:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\Downloads
[2011/05/24 15:32:30 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/24 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\Mozilla
[2011/05/24 00:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Mozilla
[2011/05/23 18:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira
[2011/05/23 17:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/05/23 17:59:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/23 17:59:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/23 17:59:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/23 17:59:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/23 17:59:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\CrossLoop
[2011/05/23 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\CrossLoop
[2011/05/23 13:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Malwarebytes
[2011/05/23 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/23 12:53:57 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/23 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/05/23 12:48:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners
[2011/05/23 12:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HijackThis
[2011/05/23 12:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/23 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/23 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/05/16 04:48:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/06/11 13:20:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/11 13:15:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 12:35:26 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\aswMBR.exe
[2011/06/11 12:34:53 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\RogueKiller.exe
[2011/06/11 12:33:09 | 006,443,128 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\AppRemover.exe
[2011/06/11 08:59:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job
[2011/06/10 18:20:24 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/06/10 12:23:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/06/10 12:09:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\badboy.bmp
[2011/06/04 13:54:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/03 04:48:18 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/01 15:12:16 | 000,765,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mats_Run.WinSecurity.exe
[2011/06/01 14:55:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 14:40:54 | 000,501,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/01 14:40:54 | 000,086,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 20:29:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 15:15:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/25 14:56:59 | 014,166,074 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\firefox-7.0a1.en-US.win32.installer.exe
[2011/05/24 16:54:53 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 15:43:35 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:29:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:04:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 13:16:55 | 000,016,417 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 13:16:55 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 00:34:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 15:23:34 | 000,005,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110523-152334.backup
[2011/05/23 13:36:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/23 12:58:32 | 000,004,711 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:40:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/16 20:04:59 | 007,190,072 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\PalMotion211D.exe
[2011/05/13 04:49:58 | 000,176,694 | ---- | M] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp

========== Files Created - No Company Name ==========

[2011/06/11 12:34:39 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\RogueKiller.exe
[2011/06/10 12:09:40 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\badboy.bmp
[2011/05/24 16:54:53 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Search.lnk
[2011/05/24 16:54:53 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/05/24 16:47:21 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/24 15:43:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Mozilla Firefox.lnk
[2011/05/24 15:34:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/24 15:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/24 15:29:13 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/24 15:04:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 15:04:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Start Menu\Programs\Internet Explorer.lnk
[2011/05/24 13:16:55 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\feeds.opml
[2011/05/24 13:16:54 | 000,016,417 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\bookmark.htm
[2011/05/24 00:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/24 00:33:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/24 00:33:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/23 17:31:49 | 000,002,464 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk
[2011/05/23 16:30:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 12:58:31 | 000,004,711 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\hijackthis log
[2011/05/23 12:53:14 | 000,176,694 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\My Documents\UPS.bmp
[2011/05/23 12:33:12 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/19 18:26:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 14:01:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/11/16 21:45:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/16 21:45:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/16 21:45:11 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/16 21:45:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/16 21:45:11 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/16 21:45:11 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/16 21:45:11 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/16 21:45:11 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/16 21:45:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/16 21:45:11 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/16 21:45:11 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/16 21:45:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/16 21:45:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/16 21:45:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/16 21:44:12 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2010/11/16 18:09:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 18:01:29 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/16 12:52:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/16 12:50:13 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 22:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/13 22:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,501,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,086,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\win32sta.dll
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/23 14:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/11/16 21:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2010/11/18 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TP-LINK Driver
[2010/11/19 13:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2006/04/03 13:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
[2011/05/24 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY.001\Application Data\TightVNC
[2011/05/24 05:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Application Data\PriceGong
[2007/08/16 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.gaim
[2006/04/06 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2010/11/19 13:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2006/10/31 09:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bell
[2006/12/06 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digital Asphyxia
[2006/12/07 21:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/11/19 13:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/05 17:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2007/12/24 18:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/09/27 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\.gaim
[2010/11/15 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Bell
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\FrostWire
[2008/09/21 17:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\ICAClient
[2010/11/14 10:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Internet Security Suite
[2009/12/15 10:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Leadertech
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\LimeWire
[2008/06/06 09:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\MSNInstaller
[2008/10/21 20:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\OpenOffice.org
[2010/09/05 12:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Paltalk
[2009/09/21 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Rogers Online Protection
[2010/11/12 13:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\TuneUp Software
[2010/11/15 20:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\Uniblue
[2010/11/19 13:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-82C00D4CD5\Application Data\uTorrent
[2011/06/01 15:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ElevatedDiagnostics
[2011/01/07 15:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Free PDF Tablet
[2010/11/16 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Leadertech
[2011/05/24 14:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\ManyCam
[2010/11/18 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Paltalk
[2011/05/23 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\PriceGong
[2010/11/18 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Tific
[2011/06/09 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TightVNC
[2010/11/19 13:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\TuneUp Software
[2010/11/19 13:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Uniblue
[2011/05/24 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Desktop Search
[2011/05/25 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Windows Search
[2011/06/10 18:20:24 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2011/06/11 13:20:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 13:14:48 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/06/11 08:59:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{006C1E49-018B-4DDC-8577-5B986CD2FACD}.job

========== Purity Check ==========



< End of report >
  • 0
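The OTL "Files Created" / "Files Modified" listings above are what a helper reads to pick out fix lines. As an added example (not part of this thread, of OTL, or of any tool it names), here is a small Python parser for that line format that surfaces recently created or modified executables with no company name sitting in user-writable paths, the items a reviewer would look at first. The sample lines are constructed in the style of the listing; the 30-day window and the set of "user-writable" path markers are assumptions.

```python
"""Triage helper for OTL "Files Created / Modified" listings (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL listing line, e.g.
# [2011/06/11 12:33:09 | 006,443,128 | ---- | M] (OPSWAT, Inc.) -- C:\...\AppRemover.exe
# The "(Company)" field is empty for files without version info and is absent
# altogether in the LOP Check section, so it is optional here.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".bat", ".pif")

# Assumed markers for locations a standard user can write to (XP layout).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\temp\\",
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str       # 'M' = from the Modified listing, 'C' = from the Created listing
    company: str    # '' when OTL reported no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXTENSIONS)

    @property
    def in_user_writable_path(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def triage(lines, scan_time: datetime, max_age_days: int = 30) -> List[OtlEntry]:
    """Executables with no company name, in user-writable paths, created or
    modified within max_age_days of the scan time; newest first.
    The company string comes from PE version info and is trivially forged,
    so its presence only lowers priority, it does not clear a file."""
    cutoff = scan_time - timedelta(days=max_age_days)
    hits = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.is_directory or not e.is_executable:
            continue
        if e.company or not e.in_user_writable_path or e.timestamp < cutoff:
            continue
        hits.append(e)
    hits.sort(key=lambda e: e.timestamp, reverse=True)
    return hits


# Constructed sample in the style of the OTL listing (not a real log).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/06/11 12:34:39 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2011/06/10 12:09:40 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\badboy.bmp
[2011/05/16 20:04:59 | 007,190,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PalMotion211D.exe
[2011/06/01 15:12:16 | 000,765,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Mats_Run.WinSecurity.exe
[2010/11/18 14:01:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/05/23 14:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
""".strip().splitlines()

SCAN_TIME = datetime(2011, 6, 13, 13, 40, 20)  # assumed scan time for the sample


def run_sample() -> List[OtlEntry]:
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for e in run_sample():
        print(f"{e.timestamp:%Y-%m-%d %H:%M} {e.size:>10} {e.path}")
```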

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

No problem here. It's your computer.

Avira is not a virus, but we can remove it. If you wish, you can proceed with the following steps:

Step 1

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 2

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
    [2011/05/23 18:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira
    [2011/05/23 17:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
    [2011/05/23 17:59:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/05/23 17:59:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/05/23 17:59:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/05/23 17:59:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/05/23 17:59:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    [2011/05/23 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors.
    My Computer.
    Also any other (removable) drives that you may have

  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop and post it in your next reply.

Note: This scan could take a couple of hours.
This tool will self uninstall when you close it so please save the log before closing it.

When you have completed the above, please post back the following in the order asked for:
  • contents of the RKreport.txt
  • OTL fix log
  • AVP Tool report

  • 0

#9
Id_Whispers

Id_Whispers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi ... the 3 reports requested are appended (RKreport.txt, OTL fix log, and AVP Tool report)

Problem still exists - popup occurring when clicking programs to execute them.

Thank you.
:)
Id_Whispers

=============================================
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date : 06/13/2011 13:40:20

Bad processes: 3
[SUSP PATH] CrossLoopService.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\crossloop\crossloopservice.exe -> KILLED
[SUSP PATH] WeatherEye.exe -- c:\documents and settings\owner.bear-e1a69a5acd\local settings\application data\theweathernetwork\weathereye\weathereye.exe -> KILLED
[SUSP PATH] setup_9.0.0.722_13.06.2011_20-50.exe -- c:\documents and settings\owner.bear-e1a69a5acd\desktop\virus removal tool\setup_9.0.0.722_13.06.2011_20-50\setup_9.0.0.722_13.06.2011_20-50.exe -> KILLED

Registry Entries: 6
[SUSP PATH] HKCU\[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1177238915-1060284298-839522115-1003[...]\Run : WeatherEye (C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe) -> FOUND
[SUSP PATH] setup_9.0.0.722_13.06.2011_20-50.lnk : C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Virus Removal Tool\setup_9.0.0.722_13.06.2011_20-50\startup.exe -> FOUND
[SUSP PATH] setup_9.0.0.722_13.06.2011_20-50.lnk : C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Virus Removal Tool\setup_9.0.0.722_13.06.2011_20-50\startup.exe -> FOUND
[SUSP PATH] setup_9.0.0.722_13.06.2011_20-50.lnk : C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\Virus Removal Tool\setup_9.0.0.722_13.06.2011_20-50\startup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt



=================================================
All processes killed
========== OTL ==========
Error: No service named avipbb was found to stop!
Service\Driver key avipbb not found.
C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys moved successfully.
Error: Unable to stop service avgntflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys moved successfully.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys moved successfully.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira\AntiVir Desktop folder moved successfully.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Application Data\Avira folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira\AntiVir Desktop folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira folder moved successfully.
File C:\WINDOWS\System32\drivers\ssmdrv.sys not found.
File C:\WINDOWS\System32\drivers\avipbb.sys not found.
File C:\WINDOWS\System32\drivers\avgntflt.sys not found.
C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\UPDATE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4e2dbea3 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\SYSSAFE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\REPORTS folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\PROFILES folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\JOBS folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\INFECTED folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\IDX folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\EVENTS folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\CONFIG folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\BACKUP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira folder moved successfully.
Folder C:\Program Files\Avira\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.BEAR-E1A69A5ACD\Desktop\cleaners\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Bear
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 2384 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner.BEAR-82C00D4CD5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner.BEAR-E1A69A5ACD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2472260 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 142407288 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2678 bytes

User: OWNER~1~BEA

User: OWNER~2~BEA

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 98148347 bytes

Total Files Cleaned = 232.00 mb


[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Bear

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: LocalService.NT AUTHORITY.001

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: NetworkService.NT AUTHORITY.001
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Owner.BEAR-82C00D4CD5
->Flash cache emptied: 0 bytes

User: Owner.BEAR-E1A69A5ACD
->Flash cache emptied: 0 bytes

User: OWNER~1~BEA

User: OWNER~2~BEA

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06132011_135807

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


===========================================
Autoscan: completed 10 minutes ago (events: 12, objects: 447664, time: 06:22:15)
6/13/2011 8:37:17 PM Task completed
6/13/2011 6:59:22 PM Deleted: Trojan.Win32.Qhost.rhd C:\System Volume Information\_restore{06142E44-2B83-4D61-956E-6C49C4D66B91}\RP41\A0020886.old
6/13/2011 6:59:12 PM Detected: Trojan.Win32.Qhost.rhd C:\System Volume Information\_restore{06142E44-2B83-4D61-956E-6C49C4D66B91}\RP41\A0020886.old
6/13/2011 6:13:52 PM Deleted: Trojan.Win32.Qhost.rhd C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.old
6/13/2011 6:13:01 PM Detected: Trojan.Win32.Qhost.rhd C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.old
6/13/2011 5:38:14 PM Deleted: Virus.Win32.Sality.aa C:\System Volume Information\_restore{7EE4F5E6-89BB-4537-BB13-114C5112F9B3}\RP885\A0093803.exe
6/13/2011 5:29:15 PM Detected: Virus.Win32.Sality.aa C:\System Volume Information\_restore{7EE4F5E6-89BB-4537-BB13-114C5112F9B3}\RP885\A0093803.exe
6/13/2011 4:25:25 PM Deleted: Trojan-Dropper.Win32.VB.amrz C:\System Volume Information\_restore{06142E44-2B83-4D61-956E-6C49C4D66B91}\RP41\A0020885.exe
6/13/2011 3:25:05 PM Detected: Trojan-Dropper.Win32.VB.amrz C:\System Volume Information\_restore{06142E44-2B83-4D61-956E-6C49C4D66B91}\RP41\A0020885.exe/UPX/0001\F7\AvatarSelector.exe/UPX
6/13/2011 2:25:02 PM Deleted: Trojan-Dropper.Win32.VB.amrz C:\Documents and Settings\Owner\My Documents\Yazak_Install.exe
6/13/2011 2:23:42 PM Detected: Trojan-Dropper.Win32.VB.amrz C:\Documents and Settings\Owner\My Documents\Yazak_Install.exe/UPX/0001\F7\AvatarSelector.exe/UPX
6/13/2011 2:15:01 PM Task started
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please tell me if you have your original Windows XP Home Edition CD available.
  • 0

#11
Id_Whispers

Id_Whispers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Yes, Render ... Bear has the original CD that came with his Dell, even though it came preloaded on the hard drive.

Thanks for your prompt attention.
Id_whispers
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We will do a system repair. Don't worry, system repair won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!
Please, have your Windows XP CD-KEY ready.

  • Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
  • When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

    NOTE: If the computer does not boot from CD you must change the device boot order in the BIOS. Read here for more information.

  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console.

    Posted Image

  • When presented with the screen below, press the F8 key to continue.

    Posted Image

  • Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.
  • Press the R key.

    Posted Image

  • Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings.
  • Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.

  • 0

#13
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
