
google redirect


  • This topic is locked

#1
erobb123

First time post, I just don't have time to chase this down again without your help : ) Google search items are randomly redirecting me to various websites. I see the following oddballs in my processes: asferror32, bitsprx332. I see (3D Realms Entertainment) in my OTL printout, which I think I just saw on another post.

So far, I have: cleared my cache (I use Firefox), emptied my recycle bin, run ERUNT, OTM, GooredFix, TDSSKiller (it ran but found nothing), and now OTL. Any info appreciated.

Here are my OTL log files - I am including the "extras" file, not sure if that was necessary:

OTL logfile created on: 7/30/2011 1:54:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ek\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 65.14 Mb Available Physical Memory | 12.94% Memory free
1.20 Gb Paging File | 0.51 Gb Available in Paging File | 43.01% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.13 Gb Total Space | 18.39 Gb Free Space | 37.44% Space Free | Partition Type: NTFS

Computer Name: DCFGZY81 | User Name: ek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
PRC - [2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) -- C:\WINDOWS\system32\bitsprx332.exe
PRC - [2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) -- C:\WINDOWS\system32\asferror32.exe
PRC - [2011/06/28 07:07:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/02 15:44:04 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/07/04 12:00:10 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/10/07 17:35:52 | 000,077,824 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 17:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 17:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2001/03/07 10:11:12 | 010,577,312 | R--- | M] (Microsoft Corporation) -- C:\Microsoft Office\Office10\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) [Auto | Running] -- C:\WINDOWS\system32\bitsprx332.exe -- (NIS32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/11 10:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [On_Demand | Stopped] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc)
SRV - [2007/06/10 01:20:40 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 19:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/02/10 17:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [On_Demand | Stopped] -- C:\Netscape\ncupdatesvc.exe -- (NCUpdateSvc)
SRV - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2011/07/30 12:21:29 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110730.002\navex15.sys -- (NAVEX15)
DRV - [2011/07/30 12:21:28 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/30 12:21:28 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 12:21:28 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110730.002\naveng.sys -- (NAVENG)
DRV - [2011/07/29 07:58:06 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/04 12:05:21 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2010/07/04 12:04:31 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2010/07/04 12:00:09 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/05/03 06:12:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/01/29 11:02:00 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp)
DRV - [2007/07/24 16:27:23 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2007/06/21 18:52:34 | 000,171,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2007/06/21 18:52:24 | 000,005,248 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2007/06/21 18:52:22 | 000,005,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/12 17:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/30 15:50:24 | 000,093,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2006/03/30 15:50:22 | 000,008,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2006/03/30 15:50:20 | 000,058,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 11:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 10:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 12:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/31 09:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 09:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]

IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2011/07/30 12:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn_2010_9_0_6 [2011/07/30 13:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 07:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 16:34:04 | 000,000,000 | ---D | M]

[2008/07/19 16:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Extensions
[2011/07/30 13:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions
[2011/07/30 13:49:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{2de769c0-8e02-48a1-a9dd-e1230abc6865}
[2011/07/15 08:00:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/12/03 14:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/22 12:56:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/02 09:30:58 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\[email protected]
[2011/05/01 18:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 13:33:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 00:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 08:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 08:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/28 07:07:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/24 23:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/23 07:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\mozilla firefox\plugins\NPMyrMus.dll
[2008/07/15 14:13:20 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/30 13:30:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02C3C824-6CED-45B1-A5B7-CD28202C9E60} - C:\WINDOWS\system32\asferror32.dll (3D Realms Entertainment)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O15 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..Trusted Domains: dollartree.com ([webmail] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 13:52:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
[2011/07/30 13:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ek\Desktop\tdsskiller
[2011/07/30 13:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ek\Desktop\GooredFix Backups
[2011/07/30 13:46:06 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\ek\Desktop\GooredFix.exe
[2011/07/30 13:30:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/30 13:28:45 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTM.exe
[2011/07/30 13:27:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/30 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/30 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/30 13:22:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\ek\Desktop\erunt-setup.exe
[2011/07/30 07:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ek\Recent
[2011/07/29 17:12:11 | 000,540,160 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.exe
[2011/07/29 17:11:58 | 000,540,160 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\bitsprx332.exe
[2011/07/29 17:11:49 | 000,343,040 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.dll
[2006/08/11 22:16:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\Documents and Settings\ek\*.tmp files -> C:\Documents and Settings\ek\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 13:53:03 | 000,031,416 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\wklnhst.dat
[2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
[2011/07/30 13:47:58 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\tdsskiller.zip
[2011/07/30 13:46:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\ek\Desktop\GooredFix.exe
[2011/07/30 13:37:22 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/07/30 13:36:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 13:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 13:35:19 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 13:30:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/30 13:28:46 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTM.exe
[2011/07/30 13:26:37 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\NTREGOPT.lnk
[2011/07/30 13:26:37 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\ERUNT.lnk
[2011/07/30 13:22:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\ek\Desktop\erunt-setup.exe
[2011/07/30 13:19:15 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\ek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 22:16:45 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/07/29 17:12:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\43015360
[2011/07/29 17:11:49 | 000,343,040 | ---- | M] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.dll
[2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) -- C:\WINDOWS\System32\bitsprx332.exe
[2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.exe
[2011/07/27 18:27:24 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/08 23:20:38 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/02 10:59:23 | 000,444,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/02 10:59:23 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\ek\*.tmp files -> C:\Documents and Settings\ek\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 13:47:52 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\tdsskiller.zip
[2011/07/30 13:26:37 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\NTREGOPT.lnk
[2011/07/30 13:26:36 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\ERUNT.lnk
[2011/07/29 17:11:58 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\43015360
[2011/02/10 14:09:37 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/02/10 14:09:34 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/07 07:57:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/07 07:45:16 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/06 22:50:57 | 000,147,264 | ---- | C] () -- C:\WINDOWS\hpoins17.dat.temp
[2010/08/06 22:50:57 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl17.dat.temp
[2010/07/18 13:49:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/09 20:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 20:24:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/19 14:04:09 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 01:09:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2009/11/05 23:19:15 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\archlp.sys
[2009/03/08 19:59:02 | 000,052,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/17 01:48:34 | 000,012,955 | ---- | C] () -- C:\WINDOWS\Guxbpi.dll
[2009/01/17 01:48:34 | 000,011,907 | ---- | C] () -- C:\WINDOWS\Rop12.exe
[2009/01/02 21:09:07 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg206.dat
[2008/09/30 00:18:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini
[2008/08/05 08:14:13 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/08/05 08:14:12 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/01/14 13:26:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/05 00:06:11 | 000,000,458 | ---- | C] () -- C:\WINDOWS\nwplayer.ini
[2007/11/23 23:02:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/11/14 08:52:01 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/24 17:42:14 | 000,146,756 | ---- | C] () -- C:\WINDOWS\hpoins17.dat
[2007/07/24 17:42:14 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl17.dat
[2007/02/20 18:12:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/05 20:38:15 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2007/02/05 20:38:14 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2006/12/04 21:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/07/25 17:32:50 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2006/07/25 17:32:49 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2006/07/19 00:54:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/07/16 21:46:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/07/14 23:13:23 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/07/14 23:08:42 | 000,000,208 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/14 22:59:45 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/12 23:04:02 | 000,003,454 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/12 23:04:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9859C1A18F.sys
[2006/07/12 22:34:28 | 000,000,198 | ---- | C] () -- C:\WINDOWS\CDGUIDE.INI
[2006/07/12 19:18:33 | 000,031,416 | ---- | C] () -- C:\Documents and Settings\ek\Application Data\wklnhst.dat
[2006/07/12 17:44:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/07/12 17:35:52 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\fusioncache.dat
[2006/07/01 17:01:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/01 16:53:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/01 16:50:49 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/07/01 16:47:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/01 16:43:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/01 16:39:12 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/01 16:10:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2006/07/01 16:10:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/01 16:10:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/01 16:09:28 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,444,824 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[1999/03/10 21:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/13 21:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/14 21:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/25 21:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 21:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2011/01/11 23:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 23:32:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/02/15 23:42:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2007/05/02 20:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/07/18 14:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/10 16:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
[2009/07/31 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/05/03 05:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/01 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCStitch 9
[2010/07/15 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/01/17 00:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/01 16:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/12 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/12/28 14:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2011/02/10 23:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\ACAMPREF
[2007/06/17 23:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\acccore
[2011/01/31 08:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Amazon
[2010/11/08 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Anvil Studio
[2010/12/08 09:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Avery
[2009/12/24 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Cakewalk
[2011/02/15 23:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Canon
[2010/07/11 07:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\eMusic
[2008/07/30 07:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\FileZilla
[2007/05/11 13:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\FUJIFILM
[2008/05/30 00:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\KompoZer
[2010/01/29 21:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\kompozer.net
[2010/07/15 16:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Leadertech
[2010/03/22 07:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Music Recognition
[2010/08/16 20:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\PCStitch Pro
[2008/06/28 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Smith Micro
[2006/07/12 19:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Template
[2010/06/17 00:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Tific
[2010/07/04 11:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Uniblue
[2007/02/14 08:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Viewpoint
[2006/07/12 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\WildTangent
[2011/02/02 09:22:40 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/30/2011 1:54:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ek\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 65.14 Mb Available Physical Memory | 12.94% Memory free
1.20 Gb Paging File | 0.51 Gb Available in Paging File | 43.01% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.13 Gb Total Space | 18.39 Gb Free Space | 37.44% Space Free | Partition Type: NTFS

Computer Name: DCFGZY81 | User Name: ek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\FujiFinePix\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [FinePixPrint] -- "C:\FujiFinePix\FinePixViewer.exe" /p "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10341:TCP" = 10341:TCP:*:Enabled:BitComet 10341 TCP
"10341:UDP" = 10341:UDP:*:Enabled:BitComet 10341 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\QuickBooks 2007\QBDBMgrN.exe" = C:\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\BitComet\BitComet.exe" = C:\BitComet\BitComet.exe:*:Enabled:BitComet.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{034F8C89-C4F4-4731-A32B-F4294C04729F}" = HP Photosmart All-In-One Software 9.0
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06230E02-2B7E-11D2-92D0-0040051BD005}" = OLYMPUS CAMEDIA Master 2.5
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}" = USB Video/Audio Driver
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7E545666-F427-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Nonprofit Edition 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}" = BCL easyPDF Printer Driver 5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A72FC039-FE41-4BAD-B36E-64368EC54B54}" = ArcSoft MediaConverter 2.5
"{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BB360AE2-CF24-420B-8E31-7597E9499DD2}" = Zoom Cable Modem
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BC5E28DB-A496-415F-9BCF-374AE8E33AB5}" = ArcSoft TotalMedia Extreme
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25D2412-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB32A38E-4D83-49F9-9E69-4D0929C5F175}" = PCStitch 9
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FAD03728-DA19-4313-959F-872A9C432A86}" = Samsung USB Driver (MCCI 4.34) WHQL v3.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AsUninst.exe" = Anvil Studio
"AudioCreator_is1" = Audio Creator LE
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HijackThis" = HijackThis 2.0.0
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Image Web Server IE Plugin" = Image Web Server 7.0 IE Plugins (Build:3,1,0,229)
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}" = USB Video/Audio Driver
"InstallShield_{FAD03728-DA19-4313-959F-872A9C432A86}" = Samsung USB Driver (MCCI 4.34) WHQL v3.0
"Just Sudoku - Professional Edition_is1" = Just Sudoku - Professional Edition 1.1
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Player" = NoteWorthy Player
"Picasa2" = Picasa 2
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SmartSuite V99.0" = Lotus SmartSuite Release 9.5
"Speccy" = Speccy
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2011 11:01:24 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 6/29/2011 8:15:01 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/2/2011 10:34:07 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/5/2011 4:02:40 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/9/2011 9:57:01 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/12/2011 11:39:00 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/14/2011 7:35:41 AM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/22/2011 1:34:08 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/27/2011 7:33:55 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 7/28/2011 9:00:46 PM | Computer Name = DCFGZY81 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

[ System Events ]
Error - 7/30/2011 1:30:41 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7034
Description = The Seagate Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/30/2011 1:30:41 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/30/2011 1:30:41 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 7/30/2011 1:30:43 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7034
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 3 time(s).

Error - 7/30/2011 1:36:18 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 7/30/2011 1:36:18 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 7/30/2011 1:36:18 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 7/30/2011 1:37:18 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 7/30/2011 1:37:36 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 7/30/2011 1:42:40 PM | Computer Name = DCFGZY81 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, erobb123! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Yep, those 3D Realms items are not what you want, so let's get rid of those, along with some other items that are present in the OTL log. If you could follow the steps below, then get back to me with logs please.



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/07/29 17:11:29 | 000,540,160 | ---- | M] (3D Realms Entertainment) [Auto | Running] -- C:\WINDOWS\system32\bitsprx332.exe -- (NIS32)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
    IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 C8 C3 02 ED 6C B1 45 A5 B7 CD 28 20 2C 9E 60 [binary data]
    [2011/07/30 13:49:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{2de769c0-8e02-48a1-a9dd-e1230abc6865}
    O2 - BHO: (no name) - {02C3C824-6CED-45B1-A5B7-CD28202C9E60} - C:\WINDOWS\system32\asferror32.dll (3D Realms Entertainment)
    [2011/07/29 17:12:11 | 000,540,160 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.exe
    [2011/07/29 17:11:58 | 000,540,160 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\bitsprx332.exe
    [2011/07/29 17:11:49 | 000,343,040 | ---- | C] (3D Realms Entertainment) -- C:\WINDOWS\System32\asferror32.dll
    [2011/07/29 17:12:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\43015360
    [2009/01/17 01:48:34 | 000,012,955 | ---- | C] () -- C:\WINDOWS\Guxbpi.dll
    [2009/01/17 01:48:34 | 000,011,907 | ---- | C] () -- C:\WINDOWS\Rop12.exe
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log

#3
erobb123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay, OTL and aswMBR logs follow:

OTL logfile created on: 7/30/2011 3:59:24 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ek\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 47.60 Mb Available Physical Memory | 9.46% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.13 Gb Total Space | 18.37 Gb Free Space | 37.40% Space Free | Partition Type: NTFS

Computer Name: DCFGZY81 | User Name: ek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
PRC - [2011/01/02 15:44:04 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/07/04 12:00:10 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 17:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 17:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/11 10:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [On_Demand | Stopped] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc)
SRV - [2007/06/10 01:20:40 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 19:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/02/10 17:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [On_Demand | Stopped] -- C:\Netscape\ncupdatesvc.exe -- (NCUpdateSvc)
SRV - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2011/07/30 12:21:29 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110730.002\navex15.sys -- (NAVEX15)
DRV - [2011/07/30 12:21:28 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/30 12:21:28 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 12:21:28 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110730.002\naveng.sys -- (NAVENG)
DRV - [2011/07/29 07:58:06 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20110729.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/04 12:05:21 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2010/07/04 12:04:31 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2010/07/04 12:00:09 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/05/03 06:12:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/01/29 11:02:00 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp)
DRV - [2007/07/24 16:27:23 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2007/06/21 18:52:34 | 000,171,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2007/06/21 18:52:24 | 000,005,248 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2007/06/21 18:52:22 | 000,005,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/12 17:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/30 15:50:24 | 000,093,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2006/03/30 15:50:22 | 000,008,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2006/03/30 15:50:20 | 000,058,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 11:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 10:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 12:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/31 09:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 09:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2011/07/30 12:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn_2010_9_0_6 [2011/07/30 15:56:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 07:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 16:34:04 | 000,000,000 | ---D | M]

[2008/07/19 16:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Extensions
[2011/07/30 13:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions
[2011/07/15 08:00:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/12/03 14:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/22 12:56:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/02 09:30:58 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\ek\Application Data\Mozilla\Firefox\Profiles\8oelp0wy.default\extensions\[email protected]
[2011/05/01 18:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 13:33:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 00:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 08:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 08:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/28 07:07:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/24 23:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/23 07:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\mozilla firefox\plugins\NPMyrMus.dll
[2008/07/15 14:13:20 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/30 15:53:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.)
O15 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2543318934-2984423688-3246211744-1005\..Trusted Domains: dollartree.com ([webmail] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{347dfa82-13af-11db-abb8-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 15:52:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/30 13:52:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
[2011/07/30 13:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ek\Desktop\tdsskiller
[2011/07/30 13:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ek\Desktop\GooredFix Backups
[2011/07/30 13:46:06 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\ek\Desktop\GooredFix.exe
[2011/07/30 13:30:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/30 13:28:45 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTM.exe
[2011/07/30 13:27:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/30 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/30 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/30 13:22:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\ek\Desktop\erunt-setup.exe
[2011/07/30 07:35:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ek\Recent
[2006/08/11 22:16:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\Documents and Settings\ek\*.tmp files -> C:\Documents and Settings\ek\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 15:56:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 15:55:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 15:55:39 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 15:53:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/30 13:53:03 | 000,031,416 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\wklnhst.dat
[2011/07/30 13:52:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTL.exe
[2011/07/30 13:47:58 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\tdsskiller.zip
[2011/07/30 13:46:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\ek\Desktop\GooredFix.exe
[2011/07/30 13:37:22 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/07/30 13:28:46 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ek\Desktop\OTM.exe
[2011/07/30 13:26:37 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\NTREGOPT.lnk
[2011/07/30 13:26:37 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\ek\Desktop\ERUNT.lnk
[2011/07/30 13:22:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\ek\Desktop\erunt-setup.exe
[2011/07/30 13:19:15 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\ek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 22:16:45 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/07/27 18:27:24 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/08 23:20:38 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ek\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/02 10:59:23 | 000,444,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/02 10:59:23 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\ek\*.tmp files -> C:\Documents and Settings\ek\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 13:47:52 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\tdsskiller.zip
[2011/07/30 13:26:37 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\NTREGOPT.lnk
[2011/07/30 13:26:36 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\ek\Desktop\ERUNT.lnk
[2011/02/10 14:09:37 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/02/10 14:09:34 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/07 07:57:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/07 07:45:16 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/06 22:50:57 | 000,147,264 | ---- | C] () -- C:\WINDOWS\hpoins17.dat.temp
[2010/08/06 22:50:57 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl17.dat.temp
[2010/07/18 13:49:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/09 20:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 20:24:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/19 14:04:09 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 01:09:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2009/11/05 23:19:15 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\archlp.sys
[2009/03/08 19:59:02 | 000,052,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/02 21:09:07 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg206.dat
[2008/09/30 00:18:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini
[2008/08/05 08:14:13 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/08/05 08:14:12 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/01/14 13:26:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/05 00:06:11 | 000,000,458 | ---- | C] () -- C:\WINDOWS\nwplayer.ini
[2007/11/23 23:02:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/11/14 08:52:01 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/24 17:42:14 | 000,146,756 | ---- | C] () -- C:\WINDOWS\hpoins17.dat
[2007/07/24 17:42:14 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl17.dat
[2007/02/20 18:12:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/05 20:38:15 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2007/02/05 20:38:14 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2006/12/04 21:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/07/25 17:32:50 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2006/07/25 17:32:49 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2006/07/19 00:54:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/07/16 21:46:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/07/14 23:13:23 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/07/14 23:08:42 | 000,000,208 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/14 22:59:45 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/12 23:04:02 | 000,003,454 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/12 23:04:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9859C1A18F.sys
[2006/07/12 22:34:28 | 000,000,198 | ---- | C] () -- C:\WINDOWS\CDGUIDE.INI
[2006/07/12 19:18:33 | 000,031,416 | ---- | C] () -- C:\Documents and Settings\ek\Application Data\wklnhst.dat
[2006/07/12 17:44:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/07/12 17:35:52 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ek\Local Settings\Application Data\fusioncache.dat
[2006/07/01 17:01:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/01 16:53:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/01 16:50:49 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/07/01 16:47:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/01 16:43:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/01 16:39:12 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/01 16:10:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2006/07/01 16:10:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/01 16:10:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/01 16:09:28 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,444,824 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[1999/03/10 21:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/13 21:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/14 21:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/25 21:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 21:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2011/01/11 23:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/11 23:32:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/02/15 23:42:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2007/05/02 20:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/07/18 14:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/10 16:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
[2009/07/31 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/05/03 05:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/01 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCStitch 9
[2010/07/15 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/01/17 00:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/01 16:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/12 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/12/28 14:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2011/02/10 23:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\ACAMPREF
[2007/06/17 23:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\acccore
[2011/01/31 08:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Amazon
[2010/11/08 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Anvil Studio
[2010/12/08 09:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Avery
[2009/12/24 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Cakewalk
[2011/02/15 23:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Canon
[2010/07/11 07:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\eMusic
[2008/07/30 07:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\FileZilla
[2007/05/11 13:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\FUJIFILM
[2008/05/30 00:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\KompoZer
[2010/01/29 21:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\kompozer.net
[2010/07/15 16:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Leadertech
[2010/03/22 07:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Music Recognition
[2010/08/16 20:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\PCStitch Pro
[2008/06/28 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Smith Micro
[2006/07/12 19:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Template
[2010/06/17 00:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Tific
[2010/07/04 11:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Uniblue
[2007/02/14 08:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\Viewpoint
[2006/07/12 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ek\Application Data\WildTangent
[2011/02/02 09:22:40 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-30 16:13:48
-----------------------------
16:13:48.203 OS Version: Windows 5.1.2600 Service Pack 3
16:13:48.203 Number of processors: 1 586 0xD08
16:13:48.203 ComputerName: DCFGZY81 UserName: ek
16:13:50.828 Initialize success
16:14:10.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:14:10.437 Disk 0 Vendor: FUJITSU_MHV2060AH 00000096 Size: 55796MB BusType: 3
16:14:12.468 Disk 0 MBR read successfully
16:14:12.468 Disk 0 MBR scan
16:14:12.468 Disk 0 unknown MBR code
16:14:12.468 Disk 0 scanning sectors +114254280
16:14:12.593 Disk 0 scanning C:\WINDOWS\system32\drivers
16:14:25.062 Service scanning
16:14:27.421 Modules scanning
16:14:41.125 Disk 0 trace - called modules:
16:14:41.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:14:41.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d97ab8]
16:14:41.156 3 CLASSPNP.SYS[f8672fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82dd07f8]
16:14:41.156 Scan finished successfully
16:15:10.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ek\Desktop\MBR.dat"
16:15:10.250 The log file has been saved successfully to "C:\Documents and Settings\ek\Desktop\aswMBR.txt"

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. OTL log looks good now :)

We'll now check to make sure there are no leftovers lurking...


1)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




3)
After you have done the above steps, could you check and let me know whether you are still getting any redirects.




In your next reply
Please post the contents of...
MBAM log
Kaspersky log
Update on whether redirects are still occurring


#5
erobb123

    New Member

  • Topic Starter
  • Member
  • 4 posts
geez, that was painful - 3 hrs to run Kaspersky. Log files follow. I do not seem to have the redirect issue anymore - yay!

MBAM:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7329

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/30/2011 6:10:41 PM
mbam-log-2011-07-30 (18-10-41).txt

Scan type: Quick scan
Objects scanned: 170723
Time elapsed: 22 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


kasplog:
Status: Deleted (events: 3)
7/30/2011 9:26:49 PM Deleted Trojan program Trojan.Win32.BHO.bpct C:\_OTL\MovedFiles\07302011_155250\C_WINDOWS\system32\asferror32.dll High
7/30/2011 9:26:50 PM Deleted Trojan program Trojan.Win32.Scar.ekeh C:\_OTL\MovedFiles\07302011_155250\C_WINDOWS\system32\asferror32.exe High
7/30/2011 9:26:49 PM Deleted Trojan program Trojan.Win32.Scar.ekeh C:\_OTL\MovedFiles\07302011_155250\C_WINDOWS\system32\bitsprx332.exe High

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent :yes: Well your logs look good to me now, so I'll post my cleanup steps below. If you have any other questions, just let me know.



Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide


#7
erobb123

    New Member

  • Topic Starter
  • Member
  • 4 posts
I have cleaned & brushed & flossed. All ready for a new day. Thanks so much!!

#8
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:unsure:

No problem, you're welcome :)

Take care.

#9
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.