Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect - TDSSKiller won't run

Started by JoeDownes , Jun 11 2011 08:24 AM

  • This topic is locked This topic is locked

#16
JoeDownes
Posted 12 June 2011 - 07:22 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I couldn't hit the report button as described in step 14, because the laptop doesn't show all of the gui dialog when running in safe mode screen resolution(640x480). I might have found a work around: on the report window of the kapersky app I hit the save button in the top right corner. Here's what it saved:

Autoscan: completed 4 minutes ago (events: 8, objects: 135160, time: 02:18:39)
6/12/2011 12:38:39 PM Task started
6/12/2011 1:29:29 PM Detected: Trojan-Downloader.Win32.Agent.fqnm C:\Program Files\Vstplugins\SynthMisc\Pads, Strings, Voices, Atmosphere\ScapesWizard-mini\SPRING2.SEM
6/12/2011 1:30:24 PM Detected: Trojan-Downloader.Win32.Agent.ftjb C:\Program Files\Vstplugins\SynthMisc\Virtual Analog\Acid Rack 2.1\Acid Rack 2.1\SPRING2.SEM
6/12/2011 1:30:52 PM Deleted: Trojan-Downloader.Win32.Agent.fqnm C:\Program Files\Vstplugins\SynthMisc\Pads, Strings, Voices, Atmosphere\ScapesWizard-mini\SPRING2.SEM
6/12/2011 1:30:54 PM Deleted: Trojan-Downloader.Win32.Agent.ftjb C:\Program Files\Vstplugins\SynthMisc\Virtual Analog\Acid Rack 2.1\Acid Rack 2.1\SPRING2.SEM
6/12/2011 2:09:13 PM Detected: Virus.Win32.TDSS.e C:\WINDOWS\system32\drivers\volsnap.old
6/12/2011 2:10:39 PM Deleted: Virus.Win32.TDSS.e C:\WINDOWS\system32\drivers\volsnap.old
6/12/2011 2:57:20 PM Task completed


I'll be back for more tomorrow. Thanks for guiding me. I have some questions now concerning the infections of the laptop, the way it might have gotten infected and recommendations on how to prevent future infections. Should I post them on a different part of this forum?
I did a quick search on the spring2.sem file and it seems to be a false positive. Can you confirm that it's safe to reinstall the newer versions of the file that synthedit provides?

Edited by JoeDownes, 12 June 2011 - 07:28 AM.

  • 0

Advertisements

#17
Render
Posted 12 June 2011 - 07:42 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

It can be that is false positive indeed. Please check the file at VirusTotal's online AV multi scanner.

Overall your logs seems clean. Are you having any problems with your computer?

Please scan also your external drive(s), USB stick(s) etc. This file looks suspicious to me: G:\tanja/todorovic.exe
  • 0

#18
JoeDownes
Posted 12 June 2011 - 07:59 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm having no problems as far as can tell. The warning sign or iexplore.exe proces didin't show up again and the browser preferences are not changed at start-up. I didn't get redirected, but than I didn't do lots of google searches.
That g\: disk is somewhat of a mystery to me. It doesn't show up in the virus scanner as an option to select, neither can I see it in explorer. I use two partitions, c and d, a firewire mac formatted drive f (I didn't use it since the infection but I'll scan it tonight anyway). The cd drive shows up as e. I never used a drive with the letter g iirc. I never created a map called tanja and don't know what todorovic.exe might be. Probably you're right and it is something unwanted and potentially dangerous. What can I do to get rid of it?

Edit: I just attached a usb stick that I use seldomly. It did show up as drive g. I scanned it using kapersky in safe mode and it was clean. All it reported was:
Autoscan: completed 1 minute ago (events: 2, objects: 28, time: 00:00:31)
6/12/2011 4:11:19 PM Task started
6/12/2011 4:11:50 PM Task completed
There was no map called tanja to be seen in explorer on that drive.

Edited by JoeDownes, 12 June 2011 - 08:21 AM.

  • 0

#19
Render
Posted 12 June 2011 - 09:27 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Very well then. From logs I can see that in the past there was some kind of USB storage device connected to your computer.

O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\AutoRun\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Explore\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Open\command - "" = G:\tanja/todorovic.exe


Looks like a worm to me so very likely that was a source of your infection.

Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

  • Please download Panda USB Vaccine here (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0

#20
JoeDownes
Posted 13 June 2011 - 06:40 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks one more time for guiding me through this.
If I have more questions concerning the sort of infection I had, the possible source of the infection and security software, should I post them in this thread or elsewhere on this board?
  • 0

#21
Render
Posted 13 June 2011 - 07:10 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

You are welcome. In that case just send me a personal message and I will reopen this topic.
  • 0

#22
Render
Posted 17 June 2011 - 07:43 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#23
Render
Posted 23 June 2011 - 11:02 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
User returned.

Hi,

Please do the following:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • On Would you like to download latest Avast! virus definitions? pop-up window click No button.
  • At AV engine: option please select (none).
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    ipconfig /all /c
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#24
JoeDownes
Posted 23 June 2011 - 11:29 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks.

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-23 19:13:43
-----------------------------
19:13:43.772 OS Version: Windows 5.1.2600 Service Pack 3
19:13:43.772 Number of processors: 1 586 0xD06
19:13:43.772 ComputerName: AE8A865F7EC440A UserName: Da Flaptop
19:13:44.884 Initialize success
19:14:12.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:14:12.263 Disk 0 Vendor: IC25N030ATMR04-0 MOAOAD0A Size: 28615MB BusType: 3
19:14:14.286 Disk 0 MBR read successfully
19:14:14.286 Disk 0 MBR scan
19:14:14.286 Disk 0 Windows XP default MBR code
19:14:16.299 Disk 0 scanning sectors +58589055
19:14:16.329 Disk 0 scanning C:\WINDOWS\system32\drivers
19:14:24.821 Service scanning
19:14:26.063 Disk 0 trace - called modules:
19:14:26.093 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:14:26.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x896bfab8]
19:14:26.093 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x896f7d98]
19:14:26.103 Scan finished successfully
19:14:38.431 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
19:14:38.431 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"



OTL logfile created on: 6/23/2011 7:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.96% Memory free
2.98 Gb Paging File | 2.55 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.31 Gb Free Space | 3.15% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.29 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
Drive E: | 7.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 148.92 Gb Total Space | 30.14 Gb Free Space | 20.24% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Da Flaptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 19:15:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/06/16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/05/25 18:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 19:15:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/28 13:57:57 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:38 | 000,143,432 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:38 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/18 11:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/04/28 17:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/02/25 19:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/22 16:49:12 | 000,027,232 | ---- | M] (ESI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\romio.sys -- (ROMIO) Service for RoMI/O Driver(WDM)
DRV - [2010/01/13 14:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\06908262.sys -- (06908262)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\06908261.sys -- (06908261)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/03/24 13:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/02/28 10:36:50 | 000,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0C C8 58 C6 1E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/18 15:51:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 02:48:47 | 000,000,000 | ---D | M]

[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/06/23 18:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions
[2011/02/12 11:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 19:20:36 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/02/10 16:56:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/03/16 21:58:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/17 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/16 21:58:14 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\[email protected]
[2011/05/17 10:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\staged(2)
[2011/05/17 14:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/06/18 15:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 02:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/13 12:56:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/13 12:56:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/06/11 19:27:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/21 00:55:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 19:15:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/23 18:53:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/23 18:46:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/06/23 17:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/23 17:29:44 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/23 17:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 17:29:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/20 20:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2011/06/13 15:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2011/06/13 15:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/06/13 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/06/13 14:01:33 | 003,022,712 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\Procmon.exe
[2011/06/13 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/13 12:56:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/13 12:56:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/13 12:56:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/13 12:56:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/13 12:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI
[2011/06/13 12:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/13 12:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/06/13 12:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/06/13 12:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/06/12 12:32:57 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0690826.sys
[2011/06/12 12:32:57 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\06908261.sys
[2011/06/12 12:32:57 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\06908262.sys
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/11 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/06/06 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/06/06 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2011/06/03 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/06/01 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\vundo antimal
[2011/05/30 13:44:46 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/05/30 13:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojancheck 6
[2011/05/30 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/05/30 02:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/05/30 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 19:15:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/23 19:14:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/23 19:09:11 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/06/23 18:50:37 | 000,000,720 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/06/23 18:50:00 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 18:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 18:47:52 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/06/23 18:07:26 | 000,002,175 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/06/20 14:12:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/20 02:08:49 | 000,079,369 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/18 15:51:32 | 000,216,064 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/13 14:24:08 | 000,022,842 | ---- | M] () -- D:\^HEINER\cc_20110613_142405.reg
[2011/06/13 12:56:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/13 12:56:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/13 12:56:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/13 12:56:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/13 12:56:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/13 12:52:00 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/11 19:27:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/07 16:44:19 | 000,004,192 | ---- | M] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/06/06 18:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:52:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/03 13:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 10:00:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 13:44:46 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:12 | 000,002,490 | ---- | M] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 19:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/20 02:08:49 | 000,079,369 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/13 15:38:57 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/06/13 14:24:07 | 000,022,842 | ---- | C] () -- D:\^HEINER\cc_20110613_142405.reg
[2011/06/13 14:01:33 | 000,063,306 | ---- | C] () -- C:\WINDOWS\procmon.chm
[2011/06/13 12:52:00 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/13 12:52:00 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/13 12:45:17 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/06/11 13:34:05 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
[2011/06/07 16:44:18 | 000,004,192 | ---- | C] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/05/31 10:00:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:00:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 13:44:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:09 | 000,002,490 | ---- | C] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 02:41:58 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/17 21:56:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 13:02:39 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[2011/05/17 13:02:17 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/04/20 16:13:09 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/17 19:38:32 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 03:39:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/02/14 08:04:56 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2011/01/29 20:25:24 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2011/01/24 19:35:30 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/01/24 19:35:28 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/02 07:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\privatedata.dll
[2011/01/02 02:24:43 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2010/12/19 13:47:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/30 02:39:17 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/11/27 23:27:59 | 010,280,046 | ---- | C] () -- C:\Program Files\JAP.jar
[2010/11/21 04:51:07 | 000,002,175 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2010/11/21 01:20:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/21 01:03:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 00:58:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 00:57:18 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2010/11/21 00:57:14 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2010/11/21 00:52:00 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/21 00:37:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/21 00:33:45 | 000,216,064 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 17:54:24 | 001,743,872 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2006/01/13 04:05:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/13 04:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 04:01:02 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/13 03:59:43 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/13 03:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/13 03:54:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2006/01/13 03:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 03:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 03:50:12 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/13 03:44:46 | 000,080,003 | -H-- | C] () -- C:\WINDOWS\System32\GSpot25.dat
[2006/01/13 03:44:08 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/13 03:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/13 03:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 03:39:44 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/13 03:39:43 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/13 03:39:41 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/13 03:39:41 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/13 03:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 03:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/13 03:35:46 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/01/13 03:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/13 03:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2006/01/13 03:30:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/13 03:23:56 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/13 03:15:59 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/13 03:15:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/01/13 03:14:52 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/01/13 03:46:46 | 001,075,200 | -H-- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/01/13 03:38:02 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/01/13 03:23:18 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/01/13 04:01:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : ae8a865f7ec440a
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dynamic.ziggo.nl
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : dynamic.ziggo.nl
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-0F-1F-CF-6C-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.123.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.123.254
DHCP Server . . . . . . . . . . . : 192.168.123.254
DNS Servers . . . . . . . . . . . : 212.54.35.25
192.168.123.254
Lease Obtained. . . . . . . . . . : Thursday, June 23, 2011 6:50:01 PM
Lease Expires . . . . . . . . . . : Thursday, August 04, 2011 10:50:01 AM

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 06:32:37 | 000,714,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 06:32:37 | 000,714,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 06:32:37 | 000,714,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >



OTL Extras logfile created on: 6/23/2011 7:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.96% Memory free
2.98 Gb Paging File | 2.55 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.31 Gb Free Space | 3.15% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.29 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
Drive E: | 7.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 148.92 Gb Total Space | 30.14 Gb Free Space | 20.24% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Da Flaptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"D:\TEMP\adchppd.exe" = D:\TEMP\adchppd.exe:*:Enabled:ADCH++
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{6774184C-2DB4-4B88-BDBE-4A8535F1693D}" = MacDrive 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBB34E3-C29E-49A8-A95F-C61F3108D37F}_is1" = HybridReverb2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2551-8692-3609-2406" = Impro-Visor 4.12
"7-Zip" = 7-Zip 9.20
"AcquaVox" = acustica AcquaVox
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"CreaToon 3.0" = CreaToon 3.0
"Defraggler" = Defraggler
"DjVuLibre+DjView" = DjVuLibre+DjView
"ERUNT_is1" = ERUNT 1.1j
"ESI - Romio MIDI Driver Setup" = ESI - Romio MIDI Driver
"ffdshow_is1" = ffdshow v1.1.3814 [2011-04-11]
"foobar2000" = foobar2000 v1.1.1
"FreeCommander_is1" = FreeCommander 2009.02b
"Frohmage VST2" = OhmForce Frohmage VST2
"GimpLqRPlugIn" = GIMP LqR Plug-In
"G'MIC for GIMP_is1" = G'MIC for GIMP version 1.5.0.0_beta
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GPStill" = PStill PostScript to PDF Converter (remove only)
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"Kjaerhus Audio Spectra v1.10 VSTi" = Kjaerhus Audio Spectra v1.10 VSTi
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaCoder" = MediaCoder 2011-RC3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKVtoolnix" = MKVtoolnix 4.7.0
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiFreekJunior" = MultiFreek Junior - Multichannel spectrum analyzer
"Ohmygod VST2" = OhmForce Ohmygod VST2
"OpenLibraries" = OpenLibraries
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"PROSet" = Intel® PRO Network Connections Drivers
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"PSP VintageWarmer2 2.3.1 32bit" = PSP VintageWarmer2 2.3.1 32bit
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"shortcircuit" = shortcircuit
"SopCast" = SopCast 3.2.9
"ST6UNST #1" = Tabwin43
"StreamTorrent 1.0" = StreamTorrent 1.0
"SumatraPDF" = SumatraPDF
"Symptohm PE VST2" = Ohm Force - Symptohm PE VST2
"TEFView_is1" = TEFView 2.69
"Trojancheck_is1" = Trojancheck 6
"TVUPlayer" = TVUPlayer 2.5.3.1
"UFRaw_is1" = UFRaw 0.18
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Virtual Audio Cable 4.01" = Virtual Audio Cable 4.01
"virtualcreations 3LiT3 r3DuC3R >>1.2_is1" = virtualcreations 3LiT3 r3DuC3R >>1.2
"virtualcreations UltraPhazer_is1" = virtualcreations UltraPhazer 1.2
"VLC media player" = VLC media player 1.1.10
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YAMB" = YAMB
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 8:08:53 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:09:07 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:09:24 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:24:16 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 11:48:31 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/17/2010 1:57:05 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 1/6/2011 12:13:50 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application midilfo.exe, version 0.0.0.0, faulting module
midilfo.exe, version 0.0.0.0, fault address 0x0000c536.

Error - 1/6/2011 12:14:02 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application midilfo.exe, version 0.0.0.0, faulting module
midilfo.exe, version 0.0.0.0, fault address 0x0000c536.

Error - 1/14/2011 8:35:38 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application live 8.2.1.exe, version 1.0.0.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000666c6.

Error - 1/22/2011 9:46:27 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application infrarecorder.exe, version 0.51.0.0, faulting
module , version 0.51.0.0, fault address 0x000a99cf.

[ System Events ]
Error - 6/9/2011 5:51:15 PM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/12/2011 9:36:51 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/13/2011 3:29:55 PM | Computer Name = AE8A865F7EC440A | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library EM640AA MP3 Player
USB Device.

Error - 6/13/2011 3:29:57 PM | Computer Name = AE8A865F7EC440A | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library EM640AA MP3 Player
USB Device.

Error - 6/14/2011 9:36:52 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/16/2011 9:36:54 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/17/2011 3:56:36 AM | Computer Name = AE8A865F7EC440A | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 6/18/2011 9:36:54 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/20/2011 9:36:54 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/22/2011 9:36:55 PM | Computer Name = AE8A865F7EC440A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
  • 0

#25
Render
Posted 25 June 2011 - 03:37 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and sorry for the delay.

Please open Windows Explorer and go into C:\windows folder. In this folder find this file: WindowsUpdate.log. Please zip this file and attach it in your next reply.
  • 0

Advertisements

#26
JoeDownes
Posted 25 June 2011 - 04:18 PM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It was too big to attach so I zipped it. That shrank it from 1.8 MB to 155 KB, which is another mystery of computer science to me. I hope this works for you.Attached File  WindowsUpdate.zip   154.21KB   107 downloads
  • 0

#27
Render
Posted 26 June 2011 - 05:17 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

For your Windows Update problems there are a few solutions. Please start with FixIt on this site here.
  • 0

#28
JoeDownes
Posted 26 June 2011 - 06:11 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I ran the FixIt, restarted and changed the scheduled time of WindowsUpdate to 2 PM. I waited to see if all works well, but it didn't. There's some new stuff on the .log file so I decided to attach that. Attached File  WindowsUpdate2.zip   158.73KB   202 downloads
  • 0

#29
Render
Posted 26 June 2011 - 07:14 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Click on Start then on All Programs and then on Accessories.
Click on Command Prompt.
In Command Prompt window type or copy/paste following lines and press Enter after each.

net stop wuauserv
net stop bits
net stop cryptsvc

rmdir /s /q %systemroot%\SoftwareDistribution
mkdir %systemroot%\SoftwareDistribution

net start wuauserv
net start bits
net start cryptsvc

Next... Check if WU works now.
  • 0

#30
JoeDownes
Posted 26 June 2011 - 08:04 AM

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
CP tells me: 'NET' is not recognized as an internal or external command, operable program or batch file.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP