
OTL log, usb device not recognized



#1
tofu5

I posted the below in the Hardware forum, and was suggested to scan with OTL, post here, and see if you could help me first. Thanks.
Nancy
P.S. From OTL I received 2 logs, I think, not sure which should be 1st or 2nd, so posted them both.
My operating system is Vista.

My computer does not recognize the connection to my Samsung camera. I get a popup that says "USB device not recognized. One of the USB devices attached to this computer has malfunctioned". I downloaded a few pictures 7 days ago, all worked fine. Then 5 days ago I got a virus about Security Professional, that pretends to scan your computer and tell you that you have viruses when they are in fact the bug. I have SuperAntispyware Professional, AVG free, AdAware, SpywareBlaster, and SpywareGuard, none of which caught this virus. The virus was the only thing that happened differently to my computer in the past week, it pretty much locked up the computer and I finally got rid of it through SuperAntispyware. I have since scanned with all the above antispyware and they all say I am clean. I have reloaded the Samsung camera software, in case that was a problem. I have also turned off the computer and unplugged it from all power (this was recommended from a person on a Microsoft forum, many others on the forum said this helped them resolve a similar problem). What else should I do for the computer to recognize the camera USB cord? P.S. I also went into Device Manager and did Scan Hardware.

OTL report:
OTL Extras logfile created on: 8/11/2011 5:17:26 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 29.03% Memory free
3.23 Gb Paging File | 0.92 Gb Available in Paging File | 28.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 218.14 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-617309455-594879788-2053407963-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{402B8AE1-6B0C-4919-81D0-7039870B4D32}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{4A1D3F95-74C8-4571-84A8-A8B8D91DCFBB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB1DD33A-6D16-46CE-A680-157B79660F2A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{BE3884A8-731C-4D3F-B813-F918FA2CAC37}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{FD72116C-2602-49C5-8257-0C067EAA1978}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{12C55909-848A-4C50-8B5B-FCD3245DDAC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{859EAAAA-9607-44A6-AA51-AFE04EE4DF1B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A136659D-A24D-4D32-A98A-C814DDC816A2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F29D0AEB-8792-4FBA-874F-FE6026F42842}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EsetOnlineScanner" = ESET Online Scanner
"Gateway Game Console" = Gateway Game Console
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.83
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"WT021682" = FATE
"WT021890" = Blackhawk Striker 2
"WT021892" = Blasterball 3
"WT021896" = Family Feud 2
"WT021900" = Penguins!
"WT021902" = Polar Bowler
"WT021904" = Polar Golfer
"WT022436" = Tradewinds
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yapta" = Yapta

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2010 9:55:20 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
0x4bdfa327, faulting module YaptaSidebar.dll_unloaded, version 0.0.0.0, time stamp
0x4bce2e87, exception code 0xc0000005, fault offset 0x0b9fbe60, process id 0x434,
application start time 0x01cb3171fe0521f7.

Error - 8/1/2010 4:30:15 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
0x4bdfa327, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0x6e0, application
start time 0x01cb31b47189c7b5.

Error - 8/2/2010 5:14:07 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 8/4/2010 2:17:29 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 8/5/2010 8:51:21 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program SUPERANTISPYWARE.EXE version 4.27.0.1002 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 824 Start Time: 01cb3497ecb6e293 Termination Time: 60000

Error - 8/5/2010 2:34:34 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
0x4bdfa327, faulting module YaptaSidebar.dll_unloaded, version 0.0.0.0, time stamp
0x4bce2e87, exception code 0xc0000005, fault offset 0x0841be60, process id 0x1488,
application start time 0x01cb349cd6d49533.

Error - 8/12/2010 8:35:53 AM | Computer Name = user-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/16/2010 4:06:32 PM | Computer Name = user-PC | Source = VSS | ID = 8194
Description =

Error - 8/19/2010 2:17:28 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 9/2/2010 10:31:11 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e,
exception code 0x40000015, fault offset 0x00052fcb, process id 0x16d8, application
start time 0x01cb4aaaf880522a.

[ Media Center Events ]
Error - 3/4/2009 8:34:57 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 9:48:49 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/20/2009 5:26:49 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/14/2009 7:27:55 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/14/2009 3:25:06 PM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/18/2009 11:22:43 AM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/6/2009 11:08:49 AM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/10/2010 7:37:24 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2010 9:32:00 AM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/23/2010 1:15:24 PM | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/11/2011 7:06:55 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/11/2011 7:48:03 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 7:48:41 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 7:51:14 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/11/2011 8:48:59 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 8:49:16 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 8:52:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/11/2011 9:30:39 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 9:31:39 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 9:34:40 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


2nd-
OTL logfile created on: 8/11/2011 5:17:26 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 29.03% Memory free
3.23 Gb Paging File | 0.92 Gb Available in Paging File | 28.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 218.14 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2011/07/29 09:58:42 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/22 16:32:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/15 09:13:53 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:30:09 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:46:26 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:32:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:31:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 16:58:32 | 000,353,584 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/08/07 07:25:39 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/12/01 17:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2005/12/02 12:17:00 | 000,434,176 | ---- | M] (Sony Corporation) -- C:\Windows\System32\VirtualExpander\VirtualExpander.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/16 13:32:49 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 12:45:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/16 13:31:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:51:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/07 07:25:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/27 12:20:55 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/11/08 19:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/04 21:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 11:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/20 19:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]

[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/24 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions
[2010/09/10 15:46:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 16:32:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/06 09:51:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Windows\System32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfiel...criptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://edownload.gri...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{ec504024-420f-11dc-994d-0019d1611f4a}\Shell\AutoRun\command - "" = K:\PStart.exe
O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 07:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/10 20:31:32 | 000,000,000 | ---D | C] -- C:\c1bf3e2ee6bee5bbb003
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 16:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 15:34:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 15:34:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 14:48:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/11 10:21:31 | 083,543,275 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/11 09:42:17 | 000,586,833 | ---- | M] () -- C:\logfile
[2011/08/11 09:34:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/11 09:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 09:33:40 | 1599,270,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 08:52:07 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/11 07:48:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/10 16:21:16 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Master.lnk
[2011/08/10 16:20:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2011/08/09 20:58:21 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/09 20:58:21 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/08/06 07:44:54 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/08/05 14:38:45 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 14:38:45 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/11 07:48:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/06 07:44:54 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/04/25 08:22:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 08:22:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/06/08 19:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/07 09:33:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/07 09:33:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/07 09:32:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/03 17:24:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/06 12:05:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2009/02/06 11:55:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 11:55:58 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/06 11:55:58 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OnlineScannerUninstaller.exe
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/24 13:14:20 | 000,000,984 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2007/08/10 20:29:36 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/08/03 17:41:36 | 000,025,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/05/18 14:59:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/05/18 14:30:37 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/05/18 14:19:17 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/05/18 14:19:16 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/05/18 14:19:16 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/05/18 14:19:16 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll

========== LOP Check ==========

[2011/07/06 09:51:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2007/12/07 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SampleView
[2007/10/24 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010/06/10 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2007/08/10 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2008/02/10 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yapta
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/08/11 09:32:34 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:813B8EB6

< End of report >

Referred from this topic to post in this part of the forum:-

http://www.geekstogo...46#entry2047546

Edited by Dakeyras, 17 August 2011 - 04:23 AM.
Added referral topic URL.


#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello Nancy :unsure:. I'm Michael and I'm going to help you fix your computer :yes:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I'm sorry for the late reply. Are you sure that Security Professional was the name of the rogue?
I'd like some fresh scans as it has been some days.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)

Next:



OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


#3
tofu5

    Member

  • Topic Starter
  • 175 posts
I disabled Realtime protection on SuperAntispyware, Spyware Blaster and SpywareGuard. Have no idea how to do that for AVGFree, or AdAware free.

Nancy

#4
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Follow this to disable AVG and here is how to disable Ad-Watch. Remember to enable them back after you finish the fixes :)

#5
tofu5

    Member

  • Topic Starter
  • 175 posts
I disabled AVG. When I right-click on the Ad-Aware icon, there is no choice for Settings. What I have a choice of is "Open Ad-Aware, Open Threatwork Alliance, Disable Ad-Watch Live!, Run Scan, Update, Exit Ad-Aware". I would assume the choice would be Disable but just wanted to verify.

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Yes, that's it :)
I'll leave for now as I have something to do. You can post the logs and when I come back in 3-4 hours I'll review them.

#7
tofu5

    Member

  • Topic Starter
  • 175 posts
I misstated, the virus was Security Protection.
I have re-enabled all the antispyware/malware.

OTL log:

OTL logfile created on: 8/17/2011 1:12:34 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = c:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 47.14% Memory free
3.23 Gb Paging File | 1.55 Gb Available in Paging File | 47.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 217.21 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/15 09:13:53 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:30:09 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:46:26 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:32:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:31:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 16:58:32 | 000,353,584 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/08/07 07:25:39 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/12/01 17:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2005/12/02 12:17:00 | 000,434,176 | ---- | M] (Sony Corporation) -- C:\Windows\System32\VirtualExpander\VirtualExpander.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/16 13:32:49 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 12:45:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/16 13:31:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:51:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/07 07:25:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/27 12:20:55 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/11/08 19:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/04 21:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 07:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/20 19:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]

[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/24 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions
[2010/09/10 15:46:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/17 07:57:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/06 09:51:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-617309455-594879788-2053407963-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Windows\System32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfiel...criptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://edownload.gri...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{ec504024-420f-11dc-994d-0019d1611f4a}\Shell\AutoRun\command - "" = K:\PStart.exe
O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 09:25:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/08/11 09:25:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/08/11 08:27:19 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/08/11 08:26:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/08/11 08:26:54 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/08/11 08:26:42 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/08/11 08:26:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/11 08:24:02 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/08/11 07:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/11 07:25:45 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/08/11 07:25:44 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/08/11 07:25:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/08/11 07:25:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/08/11 07:25:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/08/11 07:25:18 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/08/11 07:25:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/08/11 07:25:16 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/08/11 07:25:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/08/11 07:25:16 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/08/11 07:25:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/08/11 07:25:16 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/08/11 07:25:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/08/11 07:25:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/08/11 07:25:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/08/11 07:24:08 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/08/11 07:24:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/08/11 07:20:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/08/11 07:20:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/08/11 07:20:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/08/11 07:20:43 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/08/11 07:20:43 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/08/11 07:20:43 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/08/11 07:20:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/08/11 07:20:41 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/08/11 07:20:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/08/10 20:40:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 20:40:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/10 20:40:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/08/10 20:40:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 20:40:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 20:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 20:31:32 | 000,000,000 | ---D | C] -- C:\c1bf3e2ee6bee5bbb003
[2011/08/10 20:26:16 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/08/10 07:43:23 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 07:43:10 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 07:43:10 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 13:07:18 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/17 12:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 11:48:51 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 11:48:51 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 09:24:06 | 083,895,253 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/17 08:23:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 07:57:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/17 07:56:18 | 000,594,866 | ---- | M] () -- C:\logfile
[2011/08/17 07:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 07:48:44 | 1597,202,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/15 07:04:36 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/15 07:04:36 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/11 08:52:07 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/11 07:48:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/10 20:26:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 16:21:16 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Master.lnk
[2011/08/10 16:20:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/08/06 07:44:54 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/08/05 14:38:45 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 14:38:45 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/21 22:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 22:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 22:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 22:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 22:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 12:54:15 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/11 07:48:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/06 07:44:54 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/04/25 08:22:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 08:22:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/06/08 19:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/07 09:33:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/07 09:33:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/07 09:32:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/03 17:24:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/06 12:05:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2009/02/06 11:55:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 11:55:58 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/06 11:55:58 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OnlineScannerUninstaller.exe
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/24 13:14:20 | 000,000,984 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2007/08/10 20:29:36 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/08/03 17:41:36 | 000,025,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/05/18 14:59:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/05/18 14:30:37 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/05/18 14:19:17 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/05/18 14:19:16 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/05/18 14:19:16 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/05/18 14:19:16 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll

========== LOP Check ==========

[2011/07/06 09:51:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2007/12/07 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SampleView
[2007/10/24 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010/06/10 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2007/08/10 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2008/02/10 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yapta
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/08/16 20:50:18 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 08:30:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 08:30:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/09 07:28:20 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/09 07:28:20 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/17 07:56:37 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 07:57:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/09 07:28:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/09 07:28:20 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/09 07:28:20 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:813B8EB6

< End of report >

aswMBR log:
I had saved it when I thought it was finished, then noticed it was still scanning.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-17 12:44:34
-----------------------------
12:44:34.228 OS Version: Windows 6.0.6002 Service Pack 2
12:44:34.228 Number of processors: 2 586 0xF02
12:44:34.244 ComputerName: USER-PC UserName: user
12:45:11.574 Initialize success
12:49:45.936 AVAST engine defs: 11081701
12:50:39.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:50:39.210 Disk 0 Vendor: WDC_WD3200AAJS-00RYA0 12.01B01 Size: 305245MB BusType: 3
12:50:41.238 Disk 0 MBR read successfully
12:50:41.238 Disk 0 MBR scan
12:50:41.238 Disk 0 Windows VISTA default MBR code
12:50:41.253 Disk 0 scanning sectors +625137345
12:50:41.316 Disk 0 scanning C:\Windows\system32\drivers
12:50:51.986 Service scanning
12:50:54.217 Modules scanning
12:51:05.730 Disk 0 trace - called modules:
12:51:05.745 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:51:05.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853fba50]
12:51:05.761 3 CLASSPNP.SYS[86da98b3] -> nt!IofCallDriver -> [0x84a6bbc0]
12:51:05.777 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84a7f030]
12:51:06.572 AVAST engine scan C:\Windows
12:51:10.410 AVAST engine scan C:\Windows\system32
12:53:12.979 AVAST engine scan C:\Windows\system32\drivers
12:53:24.882 AVAST engine scan C:\Users\user
12:54:15.566 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:54:15.566 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
12:58:53.160 File: C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5fee0261-3d07af3b **INFECTED** Win32:Defender [Trj]
13:01:01.906 AVAST engine scan C:\ProgramData
13:04:40.104 Scan finished successfully
13:07:18.272 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
13:07:18.288 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txtlog.txt"


I saw the MBR.data on the desktop, but do not know how to zip it.

Edited by tofu5, 17 August 2011 - 11:44 AM.

  • 0

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
    O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
    O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
    O33 - MountPoints2\{70c06748-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell - "" = AutoRun
    O33 - MountPoints2\{a6f4db88-e1b3-11df-b81a-0019d1611f4a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
    O33 - MountPoints2\{ec504024-420f-11dc-994d-0019d1611f4a}\Shell\AutoRun\command - "" = K:\PStart.exe
    O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell - "" = AutoRun
    O33 - MountPoints2\{f0327f60-b8bc-11de-b1c5-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Services

    :Reg

    :Files
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5fee0261-3d07af3b

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\programdata\*.*
    %appdata%\*.*

  • Click the Quick Scan button. Post the log it produces in your next reply.



Next:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.



Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:

Go here and download Java
  • 0
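An added example (not part of the post above and not code from OTL): a small Python triage of the O32/O33 AutoRun lines in the fix list, showing which cached MountPoints2 commands point at drive letters the log does not list. The function names are hypothetical, and it assumes the log's "Drive X:" header lines enumerate the volumes present at scan time.

```python
import re

# Excerpt of lines that appear in the OTL output quoted in this thread.
SAMPLE_LOG = r'''
Drive C: | 288.36 Gb Total Space | 218.25 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{70c06731-010c-11de-98aa-0019d1611f4a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c16df342-056a-11dc-acf8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{ec504024-420f-11dc-994d-0019d1611f4a}\Shell\AutoRun\command - "" = K:\PStart.exe
'''

# "Drive C: | ..." header lines list the volumes OTL saw during the scan.
DRIVE_RE = re.compile(r'^Drive ([A-Z]): \|')
# O33 lines: per-volume MountPoints2 key, subkey path, value name, value data.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\(.+?) - "(.*?)" = (.*)$'
)
# O32 "AutoRun File" lines: an autorun file found in the root of a volume.
O32_FILE_RE = re.compile(r'^O32 - AutoRun File - \[.*?\] \(.*?\) - (.+?) -- \[')
# Leading drive letter of a command line, with or without an opening quote.
CMD_DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')


def parse_otl_autorun(log_text):
    """Collect listed volumes, autorun files and MountPoints2 values."""
    volumes, autorun_files, mountpoints = set(), [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            volumes.add(m.group(1))
            continue
        m = O32_FILE_RE.match(line)
        if m:
            autorun_files.append(m.group(1).strip())
            continue
        m = O33_RE.match(line)
        if m:
            guid, subkey, _value_name, data = m.groups()
            mountpoints.setdefault(guid.lower(), {})[subkey] = data.strip()
    return {
        "volumes": volumes,
        "autorun_files": autorun_files,
        "mountpoints": mountpoints,
    }


def triage(log_text):
    """Return one finding per cached AutoRun command in MountPoints2."""
    parsed = parse_otl_autorun(log_text)
    findings = []
    for guid, keys in parsed["mountpoints"].items():
        for subkey, data in keys.items():
            if not subkey.lower().endswith("\\command"):
                continue  # only the command values carry an executable path
            m = CMD_DRIVE_RE.match(data)
            drive = m.group(1).upper() if m else None
            findings.append({
                "guid": guid,
                "command": data,
                "drive": drive,
                # False: the target drive letter is not among the volumes
                # in the log header, so the entry is a cached leftover from
                # a device that was attached earlier.
                "drive_listed": drive in parsed["volumes"],
                # Default shell verb recorded for the volume, if logged.
                "default_verb": keys.get("Shell"),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "listed" if f["drive_listed"] else "not listed"
        print(f'{f["guid"]}  {f["drive"]}: ({state})  {f["command"]}')
```
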

#9
tofu5

    Member

  • Topic Starter
  • Member
  • 175 posts
Well, I was running OTL, and pasted in everything you said to Paste in. After 4 minutes or so, a window from Windows popped up and said "OTL stopped working and Windows is looking for a reason" and now the monitor has no icons and I see no way to start/stop the computer. I also see no way to get on the internet if I wanted so I am staying on this page. I did not know if OTL was finished and I should reboot but I cannot reboot anyway, I have no start/stop button or any icons at the bottom of my monitor.

Edited by tofu5, 17 August 2011 - 03:04 PM.

  • 0

#10
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
It seems that OTL crashed...
Push the power button of your computer to make it shut down.
Then start the computer and begin pressing the F8 key until you get to the advanced boot menu
Select safe mode:
Then run the OTL fix from there and let me know how it goes
  • 0


#11
tofu5

    Member

  • Topic Starter
  • Member
  • 175 posts
I am now on my husband's laptop. My computer is in Safe mode but I cannot find OTL. And I cannot get on the Internet. It says Internet Explorer cannot display the webpage. I have tried Refresh numerous times, to no avail.
  • 0

#12
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

OK restart again and choose Safe Mode With Networking instead of Safe Mode. Then you'll have internet to download the fix.
You have to log in from the same user as before in order to find OTL where you left it.
If you still can't find it, re-download it from here :)
  • 0

#13
tofu5

    Member

  • Topic Starter
  • Member
  • 175 posts
I am back on my computer, tho it is acting very weird. And the computer did not want me to access OTL this time. Following is the quickscan result:

OTL logfile created on: 8/17/2011 7:19:18 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.17 Gb Available Physical Memory | 11.62% Memory free
3.23 Gb Paging File | 1.53 Gb Available in Paging File | 47.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 218.25 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 19:11:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL (1).exe
PRC - [2011/08/10 20:26:15 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/07/29 09:58:42 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/15 09:13:53 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:30:09 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:46:26 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:32:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:31:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 16:58:32 | 000,353,584 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/08/07 07:25:39 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/12/01 17:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 19:15:12 | 000,117,760 | ---- | M] () -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2010/01/14 09:12:55 | 000,052,224 | ---- | M] () -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/30 10:04:06 | 002,052,096 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
MOD - [2009/11/30 10:04:06 | 001,339,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
MOD - [2009/11/30 10:04:06 | 000,835,584 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
MOD - [2009/11/30 10:04:06 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
MOD - [2009/11/30 10:04:06 | 000,770,048 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
MOD - [2009/11/30 10:04:06 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/11/30 10:04:06 | 000,495,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
MOD - [2009/11/30 10:04:06 | 000,430,080 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
MOD - [2009/11/30 10:04:06 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/11/30 10:04:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/11/30 10:03:09 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll
MOD - [2009/11/30 10:03:08 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/11/30 10:03:08 | 000,405,504 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/11/30 10:03:08 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/11/30 10:03:08 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/11/30 10:03:08 | 000,246,272 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/11/30 10:03:08 | 000,120,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/11/30 10:03:08 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/11/30 10:03:08 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/11/30 10:03:08 | 000,061,952 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/11/30 10:03:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/11/30 10:03:08 | 000,051,712 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/11/30 10:03:08 | 000,009,728 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/11/30 10:03:07 | 001,035,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/11/30 10:03:07 | 000,667,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/11/30 10:03:07 | 000,335,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/11/30 10:03:07 | 000,303,104 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/11/30 10:03:07 | 000,223,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/11/30 10:03:07 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/11/30 10:03:07 | 000,115,200 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/11/30 10:03:07 | 000,095,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/11/30 10:03:07 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/11/30 10:03:07 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/09/23 12:39:46 | 000,193,536 | ---- | M] () -- C:\Program Files\Yapta\libcurl.dll
MOD - [2007/02/20 06:10:20 | 000,192,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
MOD - [2007/02/20 06:09:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
MOD - [2007/02/20 04:34:48 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll
MOD - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 12:45:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/16 13:31:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:51:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/07 07:25:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/27 12:20:55 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/11/08 19:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/04 21:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 07:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/20 19:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]

[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/24 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions
[2010/09/10 15:46:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/17 07:57:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/06 09:51:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Windows\System32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfiel...criptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://edownload.gri...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 16:18:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 07:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/10 20:31:32 | 000,000,000 | ---D | C] -- C:\c1bf3e2ee6bee5bbb003
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

========== Files - Modified Within 30 Days ==========

[2011/08/17 19:23:14 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 19:16:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/17 19:13:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 19:13:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 19:13:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 19:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 19:13:43 | 1599,270,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 13:07:18 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/17 09:24:06 | 083,895,253 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/17 07:56:18 | 000,594,866 | ---- | M] () -- C:\logfile
[2011/08/15 07:04:36 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/15 07:04:36 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/11 08:52:07 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/11 07:48:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/10 16:21:16 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Master.lnk
[2011/08/10 16:20:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/08/06 07:44:54 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/08/05 14:38:45 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 14:38:45 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/08/17 19:13:43 | 1599,270,912 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/17 12:54:15 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/11 07:48:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/06 07:44:54 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/04/25 08:22:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 08:22:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/06/08 19:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/07 09:33:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/07 09:33:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/07 09:32:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/03 17:24:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/06 12:05:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2009/02/06 11:55:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 11:55:58 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/06 11:55:58 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OnlineScannerUninstaller.exe
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/24 13:14:20 | 000,000,984 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2007/08/10 20:29:36 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/08/03 17:41:36 | 000,025,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/05/18 14:59:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/05/18 14:30:37 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/05/18 14:19:17 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/05/18 14:19:16 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/05/18 14:19:16 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/05/18 14:19:16 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll

========== LOP Check ==========

[2011/07/06 09:51:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2007/12/07 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SampleView
[2007/10/24 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010/06/10 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2007/08/10 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2008/02/10 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yapta
[2011/08/08 08:56:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/08/17 17:42:48 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\programdata\*.* >

< %appdata%\*.* >
[2011/01/12 15:53:51 | 000,000,984 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:813B8EB6

< End of report >
  • 0

#14
tofu5

    Member

  • Topic Starter
  • Member
  • 175 posts
This may be off-topic. I notice a lot of Kodak EasyShare software. Any reason I would need all those? I do not have a Kodak camera.

Flash Drive Disinfector - "may ask you to insert your flash drive and/or other removable drives including your mobile phone". The only item I have plugged into the USB port has been the connection from my camera. Will I have to plug the camera in for the Flash Drive Disinfector?
N

Edited by tofu5, 17 August 2011 - 06:44 PM.

  • 0

#15
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
I saw it too, but I supposed it was for your camera. If it's not, then uninstall the following program:
Kodak EasyShare software

Yes, please plug in the camera for the Flash Drive Disinfector.

Waiting for the ComboFix log :)
  • 0





