
Malware?


  • This topic is locked

#1
craziecomputer

  • Member
  • 26 posts

Hello,

Recently my computer has really slowed down. Today I found that someone logged into my Yahoo Mail account and sent out some spam email. Also, about 2 weeks ago when I was shutting down the computer, I got a close program popup for "wildebeest", which I don't think I have. I have scanned with SUPERAntiSpyware, Ad-Aware and Malwarebytes and found nothing. I also downloaded Vipre antivirus and it found nothing, but froze about halfway through. Thanks for your help. Here is my OTL log.

OTL logfile created on: 9/3/2011 5:08:15 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Carl\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.14% Memory free
3.35 Gb Paging File | 2.18 Gb Available in Paging File | 64.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.46 Gb Total Space | 5.02 Gb Free Space | 5.67% Space Free | Partition Type: NTFS

Computer Name: DF32MM85 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 12:01:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\My Documents\Downloads\OTL.exe
PRC - [2011/09/03 11:59:41 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/03 11:59:34 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/03 01:07:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 11:30:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/17 11:30:16 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/11 09:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe
PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/04/18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 04:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/14 13:39:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/12 13:23:10 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/01/22 19:30:16 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2005/12/17 22:33:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/11 18:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 17:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/22 19:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2004/10/30 13:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 15:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 15:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 15:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 13:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2003/12/17 08:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/03 16:45:55 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/09/03 12:00:40 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/09/03 12:00:32 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/09/03 11:54:13 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/09/03 01:07:26 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/19 09:36:58 | 004,425,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
MOD - [2011/08/19 09:36:43 | 000,316,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
MOD - [2011/08/19 09:36:34 | 000,263,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
MOD - [2011/08/19 09:36:33 | 000,394,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
MOD - [2011/08/19 09:36:33 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
MOD - [2011/08/19 09:36:32 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
MOD - [2011/08/19 09:36:31 | 000,349,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
MOD - [2011/08/19 09:36:31 | 000,300,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
MOD - [2011/08/19 09:36:30 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
MOD - [2011/08/19 09:36:29 | 000,443,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
MOD - [2011/08/19 09:36:29 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
MOD - [2011/08/19 09:36:28 | 000,193,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/08/19 09:36:27 | 000,292,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
MOD - [2011/08/19 09:36:26 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/19 09:36:25 | 000,963,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
MOD - [2011/08/19 09:36:25 | 000,202,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/08/18 13:05:29 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/11 09:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 09:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 09:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe
MOD - [2011/08/11 09:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 09:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/08/06 09:56:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/06 09:56:49 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/06 09:56:49 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/08 17:20:38 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d563cc2\mscorlib.dll
MOD - [2010/10/08 17:19:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9e9d2691\system.xml.dll
MOD - [2010/10/08 01:08:23 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf8112e1\system.dll
MOD - [2010/10/08 01:07:59 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/28 15:06:02 | 000,075,040 | ---- | M] () -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
MOD - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
MOD - [2009/08/28 17:38:52 | 000,131,072 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009/06/04 19:03:04 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll
MOD - [2005/11/04 21:34:35 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/09/07 15:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/02/20 14:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
MOD - [2002/05/14 19:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/03 11:59:34 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/17 11:30:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 18:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/04 12:16:06 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 12:16:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/05 14:03:51 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/05/11 16:26:04 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/04/14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/16 13:09:43 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/12 08:20:38 | 000,591,488 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/04/15 15:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/05/24 23:33:37 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/04/13 12:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/01/07 15:36:15 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/22 20:12:26 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 19:28:22 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/11/11 21:04:11 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/11/11 17:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 01:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 21:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/17 08:06:44 | 000,375,424 | ---- | M] (Emuzed, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2004/11/16 15:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/31 07:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/18 13:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 07:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 19:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 19:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 19:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 19:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2001/12/27 10:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:08:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 01:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 17:18:12 | 000,000,000 | ---D | M]

[2008/09/23 23:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2011/07/20 17:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions
[2009/01/05 23:14:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions\[email protected]
[2011/05/05 16:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 16:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/03/16 11:34:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 01:07:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/05/05 17:18:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/07/11 16:13:31 | 000,464,723 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 ad.doubleclick.net # This may interefere with www.sears.com
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 15389 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Documents%20and%20Settings/Carl/My%20Documents/My%20Videos/Pirates/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol..../ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} Reg Error: Value error. (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} Reg Error: Value error. (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0C4D29-8291-4F57-B7D6-C0C4E4F95C0E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAB6C42-52FD-4EC4-BFFF-F80981DD3818}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 15:07:14 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell - "" = AutoRun
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun\command - "" = F:\.\KONY2MLT.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 12:42:11 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/09/03 12:42:09 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/09/03 12:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/09/03 12:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\Sunbelt
[2011/09/03 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/09/03 11:59:52 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/09/03 11:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/09/03 11:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/08/20 13:46:52 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/08/18 13:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\.autobahn
[2011/08/18 13:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn
[2010/10/18 15:10:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carl\Application Data\pcouffin.sys
[2005/10/30 12:15:51 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/10/30 12:15:51 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/03 17:33:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005UA.job
[2011/09/03 17:15:36 | 000,254,560 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/09/03 16:35:38 | 000,003,153 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/09/03 16:35:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/03 16:34:51 | 2146,922,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 15:46:51 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 15:46:47 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2011/09/03 12:46:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/03 12:43:47 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/09/03 11:59:59 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/09/03 11:44:29 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/03 11:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/03 08:33:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005Core.job
[2011/09/03 03:49:57 | 130,954,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/02 18:30:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DF32MM81-Carl).job
[2011/08/30 14:13:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/30 09:35:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/30 09:35:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/25 11:44:04 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/25 11:44:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/20 14:11:37 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/11 03:12:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 09:08:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/06 22:46:36 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Microsoft Word.lnk
[2011/08/06 21:14:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 12:46:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/03 12:43:47 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/09/03 11:59:59 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/09/03 11:44:29 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/20 14:11:37 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2011/08/20 13:47:27 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/20 13:47:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/04/23 01:07:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 01:07:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/17 15:00:21 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/12/01 02:33:08 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\ANICONFIG_{6A7F0FD1-17A6-48DB-B3CA-93A29AEFD5B7}.ini
[2010/11/29 13:29:19 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/10/18 15:10:58 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\inst.exe
[2010/10/18 15:10:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.cat
[2010/10/18 15:10:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.inf
[2010/05/15 00:51:28 | 000,034,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/04 10:58:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2009/11/04 10:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2009/11/04 10:58:40 | 001,984,512 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2008/07/14 16:25:29 | 000,003,153 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008/07/14 16:25:26 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008/07/14 16:25:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2008/05/24 16:53:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WKDOS.EXE
[2008/05/24 16:53:46 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/05/24 13:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2008/05/01 22:42:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/01 22:42:01 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 22:42:01 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 22:42:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/29 23:38:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\DemaDivxFix.ini
[2008/04/14 23:13:30 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/14 23:13:29 | 000,002,542 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/10/23 00:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/11 23:08:40 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/20 17:05:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2006/04/25 00:58:22 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/04/14 23:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/04/07 21:04:41 | 000,000,463 | ---- | C] () -- C:\WINDOWS\EAGRAPH.INI
[2006/01/21 17:17:29 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/01/17 21:52:25 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/01/17 21:51:54 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2006/01/17 21:51:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/20 11:38:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/12 19:20:55 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\com.kennettnet.PodUtil.plist
[2005/11/27 00:38:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/11/11 20:59:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/09 07:13:02 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/11/03 01:17:26 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/03 01:17:26 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E1BD78D787.sys
[2005/10/30 17:13:47 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/24 00:38:42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/24 00:23:45 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/21 19:24:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JPR.{PB
[2005/10/21 19:24:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JCM.{PB
[2005/10/21 15:19:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/21 00:06:16 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\fusioncache.dat
[2005/10/11 16:41:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/11 16:34:34 | 000,000,966 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/11 16:31:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/11 16:27:07 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/10/11 16:01:06 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/10/11 16:01:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/10/11 16:01:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/10/11 16:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/11 16:00:50 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/11 15:59:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/19 15:20:39 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 15:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 15:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 14:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:57:07 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 14:49:47 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 14:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 14:49:47 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 14:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 14:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 14:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 14:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 14:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 14:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 14:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 14:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

========== LOP Check ==========

[2011/08/04 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2008/03/28 18:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/07/11 19:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/22 21:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/05/24 13:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/22 21:25:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/01/19 23:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCAC3.tmp
[2006/01/19 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCAD1.tmp
[2011/05/02 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/11/25 23:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/06/04 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Out of the Park Developments
[2007/06/20 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008/08/06 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/04/15 00:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/29 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/25 00:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2005/10/11 16:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/15 00:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/11/03 22:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\.BitTornado
[2005/10/21 20:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\.bittorrent
[2006/09/24 19:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\ACD Systems
[2010/10/22 21:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\AVG10
[2011/08/21 10:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Azureus
[2007/10/08 18:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\DVDFab
[2010/09/01 16:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\ICAClient
[2005/10/22 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Leadertech
[2007/07/14 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\My Games
[2005/11/25 23:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Otto
[2011/06/20 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Out of the Park Developments
[2006/09/06 18:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PgcEdit
[2009/01/22 21:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\RipIt4Me
[2009/10/04 23:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\SystemRequirementsLab
[2011/07/25 00:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\TOSHIBA
[2007/10/08 15:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Uniblue
[2010/10/18 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Vso
[2011/07/24 16:26:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AEA6AF9

< End of report >

Here is the Extras.Txt file:
OTL Extras logfile created on: 9/3/2011 5:08:15 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Carl\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.14% Memory free
3.35 Gb Paging File | 2.18 Gb Available in Paging File | 64.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.46 Gb Total Space | 5.02 Gb Free Space | 5.67% Space Free | Partition Type: NTFS

Computer Name: DF32MM85 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6881:TCP" = 6881:TCP:*:Enabled:Port
"6881:UDP" = 6881:UDP:*:Enabled:Az
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe" = C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe:*:Enabled:mvp2005
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe" = C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe:*:Enabled:Easy-Hide-IP


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{666A81D6-8826-47FA-AF88-67B880A362DB}" = VIPRE Antivirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player
"America Online us" = America Online (Choose which version to remove)
"AsfTools_is1" = AsfTools 2.30
"ATI Display Driver" = ATI Display Driver
"Autobahn" = NexDef Plug-in
"AVG" = AVG 2011
"Azureus" = Azureus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.0.8 Beta
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Out of the Park Baseball12" = Out of the Park Baseball 12
"PodUtil_is1" = PodUtil 2.7.1
"ProInst" = Intel® PROSet/Wireless Software
"PSL2 Plugin" = PSL2 Plugin
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2011 2:37:42 AM | Computer Name = DF32MM85 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/1/2011 8:02:53 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (264) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/2/2011 5:51:36 AM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (264) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/2/2011 5:51:36 AM | Computer Name = DF32MM85 | Source = ESENT | ID = 439
Description = Catalog Database (264) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 9/2/2011 5:51:36 AM | Computer Name = DF32MM85 | Source = ESENT | ID = 473
Description = Catalog Database (264) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 9/3/2011 12:59:44 PM | Computer Name = DF32MM85 | Source = MsiInstaller | ID = 11500
Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.

Error - 9/3/2011 1:20:25 PM | Computer Name = DF32MM85 | Source = MsiInstaller | ID = 11500
Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.

Error - 9/3/2011 5:30:18 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (2024) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/3/2011 5:30:28 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (2024) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/3/2011 7:00:33 PM | Computer Name = DF32MM85 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/1/2011 7:32:17 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 9/1/2011 7:40:09 PM | Computer Name = DF32MM85 | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 9/3/2011 12:43:42 PM | Computer Name = DF32MM85 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 9/3/2011 12:43:46 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
to connect.

Error - 9/3/2011 12:43:46 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053

Error - 9/3/2011 1:33:21 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 9/3/2011 2:10:58 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Sunbelt VIPRE Antivirus
Service service to connect.

Error - 9/3/2011 2:10:58 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7000
Description = The Sunbelt VIPRE Antivirus Service service failed to start due to
the following error: %%1053

Error - 9/3/2011 2:11:41 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 9/3/2011 6:41:06 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus


< End of report >

#2
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,678 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Multiple Anti-Virus Advice:

It appears you have the following installed:-

AVG 2011, McAfee SecurityCenter and VIPRE Antivirus

Having multiple Anti-Virus applications installed and active in system memory will cause a system conflict and actually lessen overall online protection. Decide which you wish to keep then uninstall two only of the aforementioned.

Hard-Drive Free Space Advice:

Drive C: | 88.46 Gb Total Space | 5.02 Gb Free Space | 5.67% Space Free | Partition Type: NTFS

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise you choose to uninstall some software you do not need and or move any documents/files/pictures etc to a form of removable storage media.

This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic and your machine may actually cease to boot up at all.

Peer to Peer Advice:

I see you have Azureus installed. If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall Azureus. If however you opt not to please refrain from using it during the course of the Malware Removal process, thank you.

Next:

Do you use any of the installed AOL software?

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Ad-Aware <-- Not particularly effective.
Adobe Reader 7.1.0 <-- We will update this in due course.
Adobe Reader 7.0.5 Language Support
HijackThis 1.99.1 <-- Out of date.
Java™ 6 Update 22 <-- We will update this in due course.
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 7
J2SE Development Kit 5.0 Update 6

Internet Explorer Default Page <-- Will hinder the Malware Removal process, plus not particularly effective.
Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
SUPERAntiSpyware Free Edition <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
Windows Defender <-- Not particularly effective.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double-click SecurityCheck.exe then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Next:

Double click on OTL.exe then click/select the Scan All Users checkbox.

Now click on Run Scan. Only one log will be created this time and that is all I require for the time being.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my AOL query.
  • SecurityCheck Log.
  • A new OTL Log.


#3
craziecomputer


    Member

  • Topic Starter
  • Member
  • 26 posts
I use the McAfee SecurityCenter for its firewall only. McAfee Antivirus is uninstalled. OTL running now and will post it soon.

Securitycheck log

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee Shredder
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 27
Adobe Flash Player 10.3.183.7
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#4
craziecomputer


    Member

  • Topic Starter
  • Member
  • 26 posts
I am still working on deleting files to get more space.
I did update my Firefox plugins already.

OTL logfile created on: 9/12/2011 5:38:37 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Carl\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.47% Memory free
3.35 Gb Paging File | 2.33 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.46 Gb Total Space | 5.51 Gb Free Space | 6.23% Space Free | Partition Type: NTFS

Computer Name: DF32MM85 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 12:01:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\My Documents\Downloads\OTL.exe
PRC - [2011/09/03 06:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/17 11:30:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/11 09:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe
PRC - [2011/04/18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 04:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/14 13:39:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/12 13:23:10 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2006/01/22 19:30:16 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2005/12/17 22:33:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/11 18:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 17:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/22 19:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2004/10/30 13:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 15:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 15:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 15:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 13:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2003/12/17 08:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/03 06:28:23 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 06:28:22 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 06:27:18 | 000,300,088 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll
MOD - [2011/09/03 06:26:51 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 06:26:49 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 06:26:48 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 04:35:01 | 006,338,720 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/08/11 09:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 09:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 09:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe
MOD - [2011/08/11 09:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 09:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/08 17:20:38 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d563cc2\mscorlib.dll
MOD - [2010/10/08 17:19:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9e9d2691\system.xml.dll
MOD - [2010/10/08 01:08:23 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf8112e1\system.dll
MOD - [2010/10/08 01:07:59 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/28 17:38:52 | 000,131,072 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009/06/04 19:03:04 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll
MOD - [2005/11/04 21:34:35 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/09/07 15:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/08/17 11:30:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/14 16:25:26 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 18:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (SASKUTIL)
DRV - [2011/09/06 22:35:26 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/12 08:20:38 | 000,591,488 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/04/15 15:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/05/24 23:33:37 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/04/13 12:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/01/07 15:36:15 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/22 20:12:26 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/24 19:28:22 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/11/11 21:04:11 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/11/11 17:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 01:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 21:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/17 08:06:44 | 000,375,424 | ---- | M] (Emuzed, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2004/11/16 15:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/31 07:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/18 13:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 07:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 19:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 19:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 19:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 19:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2001/12/27 10:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:08:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 16:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/04 17:15:46 | 000,000,000 | ---D | M]

[2008/09/23 23:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2011/07/20 17:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions
[2009/01/05 23:14:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions\[email protected]
[2011/09/04 16:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 16:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/04 16:34:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2009/03/16 11:34:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 01:07:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/05/05 17:18:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/07/11 16:13:31 | 000,464,723 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 ad.doubleclick.net # This may interefere with www.sears.com
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 15389 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Documents%20and%20Settings/Carl/My%20Documents/My%20Videos/Pirates/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol..../ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} Reg Error: Value error. (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} Reg Error: Value error. (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0C4D29-8291-4F57-B7D6-C0C4E4F95C0E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAB6C42-52FD-4EC4-BFFF-F80981DD3818}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 15:07:14 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell - "" = AutoRun
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun\command - "" = F:\.\KONY2MLT.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 17:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Desktop\AOL Saved PFC
[2011/09/12 16:53:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/12 16:29:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/06 22:35:26 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/06 13:51:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carl\Recent
[2011/09/04 19:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Temp
[2011/09/04 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/04 16:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/04 16:44:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/09/04 16:34:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/03 04:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/20 13:46:52 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/08/18 13:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\.autobahn
[2011/08/18 13:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn
[2010/10/18 15:10:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carl\Application Data\pcouffin.sys
[2005/10/30 12:15:51 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/10/30 12:15:51 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 17:46:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005UA.job
[2011/09/12 17:25:41 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/09/12 12:46:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005Core.job
[2011/09/12 11:38:02 | 131,964,156 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/12 11:30:10 | 000,260,064 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/09/12 11:26:12 | 000,003,153 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/09/12 11:25:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 11:25:23 | 2146,922,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 13:33:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/10 13:33:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/09 18:30:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DF32MM81-Carl).job
[2011/09/06 22:35:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/06 21:19:33 | 000,001,188 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/09/04 17:15:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/04 16:39:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/04 10:52:44 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/09/04 10:11:02 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\mafia error.bmp
[2011/09/03 15:46:51 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 15:46:47 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2011/09/03 11:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/03 04:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/25 11:44:04 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/25 11:44:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/20 14:11:37 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/12 17:25:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/09/06 21:19:33 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/09/04 17:15:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/04 17:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/04 10:10:58 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\mafia error.bmp
[2011/09/03 12:43:47 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/08/20 14:11:37 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2011/08/20 13:47:27 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/20 13:47:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/04/23 01:07:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 01:07:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/17 15:00:21 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/12/01 02:33:08 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\ANICONFIG_{6A7F0FD1-17A6-48DB-B3CA-93A29AEFD5B7}.ini
[2010/11/29 13:29:19 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/10/18 15:10:58 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\inst.exe
[2010/10/18 15:10:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.cat
[2010/10/18 15:10:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.inf
[2010/05/15 00:51:28 | 000,034,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/04 10:58:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2009/11/04 10:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2009/11/04 10:58:40 | 001,984,512 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2008/07/14 16:25:29 | 000,003,153 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008/07/14 16:25:26 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008/07/14 16:25:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2008/05/24 16:53:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WKDOS.EXE
[2008/05/24 16:53:46 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/05/24 13:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2008/05/01 22:42:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/01 22:42:01 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 22:42:01 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 22:42:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/29 23:38:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\DemaDivxFix.ini
[2007/10/23 00:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/11 23:08:40 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/20 17:05:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2006/04/25 00:58:22 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/04/14 23:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/04/07 21:04:41 | 000,000,463 | ---- | C] () -- C:\WINDOWS\EAGRAPH.INI
[2006/01/21 17:17:29 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/01/17 21:52:25 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/01/17 21:51:54 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2006/01/17 21:51:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/20 11:38:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/12 19:20:55 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\com.kennettnet.PodUtil.plist
[2005/11/27 00:38:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/11/11 20:59:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/09 07:13:02 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/11/03 01:17:26 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/03 01:17:26 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E1BD78D787.sys
[2005/10/30 17:13:47 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/24 00:38:42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/24 00:23:45 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/21 19:24:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JPR.{PB
[2005/10/21 19:24:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JCM.{PB
[2005/10/21 15:19:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/21 00:06:16 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\fusioncache.dat
[2005/10/11 16:41:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/11 16:34:34 | 000,000,966 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/11 16:31:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/11 16:27:07 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/10/11 16:01:06 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/10/11 16:01:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/10/11 16:01:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/10/11 16:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/11 16:00:50 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/11 15:59:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/19 15:20:39 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 15:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 15:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 14:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:57:07 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 14:49:47 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 14:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 14:49:47 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 14:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 14:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 14:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 14:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 14:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 14:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 14:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 14:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AEA6AF9

< End of report >

Edited by craziecomputer, 12 September 2011 - 06:14 PM.


#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,678 posts
Hi. :)

> I use the McAfee SecurityCenter for its firewall only. McAfee Antivirus is uninstalled.

Fair play, I do not think that will be a problem...if it is we can always remove it and at a later date I can provide advice about a different third party software firewall.

> I am still working on deleting files to get more space.

OK, keep on doing this until you do have sufficient free space. Otherwise it is going to cause problems for myself to be able to actually assist you correctly.

Did you encounter any problems uninstalling the software I advised at all? As it appears elements of some are still present according to the new OTL log. Though this may be due to the current extreme lack of actual free hard-drive space, as in caused some issues.

Also do please answer my prior query about the installed AOL software.

In the meantime carry out the below please...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off (not recommended) >> OK.

Note: No need for it to be active after the reset because you have the McAfee Personal Firewall Plus.

Next:

Let myself know when completed the above and you have actually created more free hard-drive space. Also please do answer my questions and we will go from there, thank you.

#6
craziecomputer

    Member

  • Topic Starter
  • 26 posts
Ok deleted/moved a few files got 20.9 gb free now. I do not use the AOL stuff, thought I deleted it. I couldn't find the Internet Explorer Default Page in add/remove programs, but all others were uninstalled without a problem. I saw that there is still some stuff there so I restarted again, but it is still there.
I was thinking of getting Zonealarm instead of McAfee, but didn't.

Registry backup complete and reset SP3 firewall complete.

Thanks for your help.

#7
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,678 posts
Hi. :)

> Ok deleted/moved a few files got 20.9 gb free now. I do not use the AOL stuff, thought I deleted it.

OK.

> I couldn't find the Internet Explorer Default Page in add/remove programs

Not a problem, we can address this in due course.

> all others were uninstalled without a problem. I saw that there is still some stuff there so I restarted again, but it is still there.

Also not a problem, can be addressed etc.

> I was thinking of getting Zonealarm instead of McAfee, but didn't.

Glad you did not. The vendor actually employs foistware type tactics these days as in all installations come with unwanted third party software that has undesirable characteristics. Now if you do wish to change the third party software firewall to another let myself know...however we will address this last of all as installing a new one creates major changes to a system that will actually hinder the Malware Removal process. So that is why best to carry out such last of all.

> Registry backup complete and reset SP3 firewall complete.
>
> Thanks for your help.

Good and you're most welcome!

Now I require a fresh look at your system so I am better able to advise the next course of action as follows...

Please delete your current version of OTL, it can be found in your downloads folder here:-

C:\Documents and Settings\Carl\My Documents\Downloads\OTL.exe

Then empty the Recycle Bin.

Re-scan with OTL:

Please download OTL and save it to your Desktop. <-- Ensure the executable is on the Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.


#8
craziecomputer

    Member

  • Topic Starter
  • 26 posts
Computer is running ok. I get waiting for plugin AVG security or flash or an unknown plugin using google chrome. Other than that everything seems ok. Also my computer just did a Windows update.


OTL logfile created on: 9/14/2011 11:50:22 AM - Run 4
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.87% Memory free
3.35 Gb Paging File | 2.43 Gb Available in Paging File | 72.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.46 Gb Total Space | 20.91 Gb Free Space | 23.64% Space Free | Partition Type: NTFS

Computer Name: DF32MM85 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Carl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe ()
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\Runservice.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avutil-50.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avformat-52.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avcodec-52.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\java.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\zip.dll ()
MOD - C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d563cc2\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9e9d2691\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf8112e1\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll ()
MOD - C:\WINDOWS\mmfs.dll ()
MOD - C:\WINDOWS\Runservice.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MpfService) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (McDetect.exe) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
SRV - (McTskshd.exe) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (MPFIREWL) -- C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee)
DRV - (BCOREUSB) -- C:\WINDOWS\system32\drivers\BCOREUSB.sys (CSR)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AngelUsb) -- C:\WINDOWS\system32\drivers\AngelUsb.sys (Emuzed, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\Wibukey.sys (WIBU-SYSTEMS AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:08:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 16:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/04 17:15:46 | 000,000,000 | ---D | M]

[2008/09/23 23:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2011/07/20 17:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions
[2009/01/05 23:14:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\mphl9xe6.default\extensions\[email protected]
[2011/09/04 16:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 21:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 16:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/04 16:34:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2009/03/16 11:34:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 01:07:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/05/05 17:18:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/07/11 16:13:31 | 000,464,723 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 ad.doubleclick.net # This may interefere with www.sears.com
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 15389 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Documents%20and%20Settings/Carl/My%20Documents/My%20Videos/Pirates/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol..../ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} Reg Error: Value error. (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} Reg Error: Value error. (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0C4D29-8291-4F57-B7D6-C0C4E4F95C0E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAB6C42-52FD-4EC4-BFFF-F80981DD3818}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 15:07:14 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell - "" = AutoRun
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{390dd31f-513a-11dd-8211-0010c69d8c42}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun\command - "" = F:\.\KONY2MLT.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 11:47:55 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2011/09/13 15:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/13 15:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/13 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/12 17:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Desktop\AOL Saved PFC
[2011/09/06 22:35:26 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/06 13:51:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carl\Recent
[2011/09/04 19:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Temp
[2011/09/04 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/04 16:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/04 16:44:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/09/04 16:34:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/03 04:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/20 13:46:52 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/08/18 13:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\.autobahn
[2011/08/18 13:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Autobahn
[2010/10/18 15:10:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carl\Application Data\pcouffin.sys
[2005/10/30 12:15:51 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/10/30 12:15:51 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 11:47:56 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2011/09/14 11:46:39 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005UA.job
[2011/09/14 11:46:23 | 132,196,299 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/14 11:39:25 | 000,260,064 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/09/14 11:35:35 | 000,003,153 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/09/14 11:35:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/14 11:35:08 | 2146,922,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 15:43:43 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\NTREGOPT.lnk
[2011/09/13 15:43:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\ERUNT.lnk
[2011/09/13 15:37:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 13:37:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/13 12:46:13 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1879550682-150560649-2092195097-1005Core.job
[2011/09/12 17:25:41 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/09/10 13:33:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/10 13:33:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/09 18:30:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DF32MM81-Carl).job
[2011/09/09 03:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 22:35:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/06 21:19:33 | 000,001,188 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/09/04 17:15:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/04 16:39:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/04 10:52:44 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/09/04 10:11:02 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\mafia error.bmp
[2011/09/03 15:46:51 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 15:46:47 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2011/08/25 11:44:04 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/25 11:44:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/20 14:11:37 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/13 15:43:43 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\NTREGOPT.lnk
[2011/09/13 15:43:43 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\ERUNT.lnk
[2011/09/12 17:25:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/09/07 03:05:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/06 21:19:33 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/09/04 17:15:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/04 17:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/04 10:10:58 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\mafia error.bmp
[2011/09/03 12:43:47 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\netstat.bat
[2011/08/20 14:11:37 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Carl\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2011/08/20 13:47:27 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/20 13:47:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/04/23 01:07:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 01:07:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/17 15:00:21 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/12/01 02:33:08 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\ANICONFIG_{6A7F0FD1-17A6-48DB-B3CA-93A29AEFD5B7}.ini
[2010/11/29 13:29:19 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/10/18 15:10:58 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\inst.exe
[2010/10/18 15:10:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.cat
[2010/10/18 15:10:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.inf
[2010/05/15 00:51:28 | 000,034,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/04 10:58:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2009/11/04 10:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2009/11/04 10:58:40 | 001,984,512 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2008/07/14 16:25:29 | 000,003,153 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008/07/14 16:25:26 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008/07/14 16:25:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2008/05/24 16:53:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WKDOS.EXE
[2008/05/24 16:53:46 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/05/24 13:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2008/05/01 22:42:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/01 22:42:01 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 22:42:01 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 22:42:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/29 23:38:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\DemaDivxFix.ini
[2007/10/23 00:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/11 23:08:40 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/20 17:05:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2006/04/25 00:58:22 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/04/14 23:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/04/07 21:04:41 | 000,000,463 | ---- | C] () -- C:\WINDOWS\EAGRAPH.INI
[2006/01/21 17:17:29 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/01/17 21:52:25 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/01/17 21:51:54 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2006/01/17 21:51:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/20 11:38:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/12 19:20:55 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\com.kennettnet.PodUtil.plist
[2005/11/27 00:38:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/11/11 20:59:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/09 07:13:02 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/11/03 01:17:26 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/03 01:17:26 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E1BD78D787.sys
[2005/10/30 17:13:47 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/24 00:38:42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/24 00:23:45 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/21 19:24:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JPR.{PB
[2005/10/21 19:24:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\PFP120JCM.{PB
[2005/10/21 15:19:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/10/21 00:06:16 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\fusioncache.dat
[2005/10/11 16:41:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/11 16:34:34 | 000,000,966 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/11 16:31:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/11 16:27:07 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/10/11 16:01:06 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/10/11 16:01:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/10/11 16:01:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/10/11 16:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/11 16:00:50 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/11 15:59:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/19 15:20:39 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 15:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 15:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 14:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:57:07 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 14:49:47 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 14:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 14:49:47 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 14:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 14:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 14:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 14:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 14:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 14:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 14:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 14:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AEA6AF9

< End of report >

#9
craziecomputer

OTL Extras logfile created on: 9/14/2011 11:50:22 AM - Run 4
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.87% Memory free
3.35 Gb Paging File | 2.43 Gb Available in Paging File | 72.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.46 Gb Total Space | 20.91 Gb Free Space | 23.64% Space Free | Partition Type: NTFS

Computer Name: DF32MM85 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 27
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AsfTools_is1" = AsfTools 2.30
"ATI Display Driver" = ATI Display Driver
"Autobahn" = NexDef Plug-in
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.0.8 Beta
"ERUNT_is1" = ERUNT 1.1j
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Out of the Park Baseball12" = Out of the Park Baseball 12
"PodUtil_is1" = PodUtil 2.7.1
"ProInst" = Intel® PROSet/Wireless Software
"PSL2 Plugin" = PSL2 Plugin
"RealPlayer 6.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1879550682-150560649-2092195097-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2011 10:29:42 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (2032) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/10/2011 3:33:42 PM | Computer Name = DF32MM85 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/11/2011 1:34:09 AM | Computer Name = DF32MM85 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 13.0.782.220, fault address 0x009a9073.

Error - 9/11/2011 1:34:14 AM | Computer Name = DF32MM85 | Source = Application Error | ID = 1001
Description = Fault bucket -1702293234.

Error - 9/14/2011 1:53:39 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/14/2011 1:53:41 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/14/2011 1:53:42 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/14/2011 1:53:43 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/14/2011 1:53:53 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/14/2011 1:53:54 PM | Computer Name = DF32MM85 | Source = ESENT | ID = 490
Description = svchost (1888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 9/11/2011 1:23:40 AM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/11/2011 1:23:40 AM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/11/2011 2:04:31 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 9/12/2011 1:29:03 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus

Error - 9/12/2011 8:01:42 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL

Error - 9/13/2011 11:33:36 AM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL

Error - 9/13/2011 1:38:11 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL

Error - 9/13/2011 4:47:45 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL

Error - 9/14/2011 1:09:29 AM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL

Error - 9/14/2011 1:38:10 PM | Computer Name = DF32MM85 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
d347bus Lbd SASKUTIL


< End of report >
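Added example (not part of the original post and not OTL's own code): a small Python triage pass over the registry sections of an OTL log like the one above, flagging the Security Center, System Restore and Windows Firewall values a reviewer would check first. The rule set and the function names are assumptions made for this illustration; in particular, treating `DisableMonitoring` = 1 as review-worthy is an assumption, and the sample input is constructed from values shown in the log.

```python
import re

# Constructed sample: lines in the shape of the OTL sections shown in the
# log above, with the values that log reports.
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')     # ========== Name ==========
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')       # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name" = data


def parse_otl_registry(text):
    """Yield (section, key, value_name, data) for each value under a key."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A new section header ends the scope of the previous key.
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:  # ignore value lines with no owning key
            yield section, key, m.group(1), m.group(2).strip()


# Hypothetical rule set for this example:
# (key test on the lower-cased key, value names, "flag when" test, note).
RULES = [
    (lambda k: k.endswith('\\security center'),
     {'AntiVirusDisableNotify', 'FirewallDisableNotify',
      'UpdatesDisableNotify', 'AntiVirusOverride', 'FirewallOverride'},
     lambda v: v != '0',
     'Security Center alert suppressed or status overridden'),
    (lambda k: '\\security center\\monitoring\\' in k,
     {'DisableMonitoring'},
     lambda v: v == '1',
     'Security Center monitoring switched off for this product (assumed meaning)'),
    (lambda k: k.endswith(('\\firewallpolicy\\standardprofile',
                           '\\firewallpolicy\\domainprofile')),
     {'EnableFirewall'},
     lambda v: v == '0',
     'Windows Firewall disabled for this profile'),
    (lambda k: k.endswith('\\currentversion\\systemrestore'),
     {'DisableSR'},
     lambda v: v == '1',
     'System Restore disabled'),
]


def triage(text):
    """Return [(last key component, value name, data, note)] for flagged values."""
    findings = []
    for _section, key, name, data in parse_otl_registry(text):
        lowered = key.lower()
        for key_ok, names, is_flagged, note in RULES:
            if name in names and key_ok(lowered) and is_flagged(data):
                findings.append((key.rsplit('\\', 1)[-1], name, data, note))
    return findings


if __name__ == '__main__':
    for leaf, name, data, note in triage(SAMPLE_LOG):
        print(f'{leaf}: "{name}" = {data} -> {note}')
```

A flag is a prompt for review rather than a verdict: the uninstall list in this log also shows McAfee Personal Firewall Plus, and a third-party firewall commonly leaves the Windows one switched off.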

#10
Dakeyras

Hi. :)

Computer is running ok. I get waiting for plugin AVG security or flash or an unknown plugin using google chrome. Other than that everything seems ok. Also my computer just did a Windows update.

OK and thanks for the update.

Next:

Please download this removal tool for SUPERAntiSpyware to the Desktop.

Double click on SASUNINST.exe >> follow the prompts >> reboot your machine when prompted.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the Quote box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
[2010/09/15 21:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 16:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/04 16:34:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2009/03/16 11:34:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol..../ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} Reg Error: Value error. (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} Reg Error: Value error. (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O33 - MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\Shell\AutoRun\command - "" = F:\.\KONY2MLT.EXE
[2011/09/06 22:35:26 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/04 16:34:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/04 16:34:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AEA6AF9

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
C:\PROGRAM FILES\JAVA

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=-
"{4A03706F-666A-4037-7777-5F2748764D10}"=-
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Default Page]

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • checkhd.txt


#11
craziecomputer

No new symptoms or problems. Startup is slow, but it's been like that for about 2 weeks now.
OTL log here. checkhd.txt and Malwarebytes log in next post.

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\Java\jre6\bin\npjpi160_27.dll moved successfully.
Starting removal of ActiveX control {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A}
C:\WINDOWS\Downloaded Program Files\ServiceMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A}\ not found.
Starting removal of ActiveX control {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}\ not found.
Starting removal of ActiveX control {7030CC6C-1A88-4591-BB5A-651B9F7F0C30}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5002072d-63d0-11da-8527-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5002072d-63d0-11da-8527-00038a000015}\ not found.
File F:\.\KONY2MLT.EXE not found.
C:\WINDOWS\system32\drivers\SBREDrv.sys moved successfully.
C:\WINDOWS\system32\javaws.exe moved successfully.
C:\WINDOWS\system32\javaw.exe moved successfully.
C:\WINDOWS\system32\java.exe moved successfully.
C:\WINDOWS\003067_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso\en-us\us\aolcfg.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso\en-us\us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso\en-us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso\46774678.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso\mcdelta.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vso folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\temp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\shared\agent.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\shared\mcunilib.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\shared\mghtml.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\shared folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\agentins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\agentins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\AgentVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\AgntIcfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\AGOEMVER.INI deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\McAppIns.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\mcappins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\mcinsres.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\mcuninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\Uninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\uninst.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\VsCfgIns.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vsocfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vsoins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\vsoins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp\VsoVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAC3.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso\en-us\us\aolcfg.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso\en-us\us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso\en-us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso\46774678.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso\mcdelta.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vso folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\temp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\shared\agent.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\shared\mcunilib.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\shared\mghtml.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\shared folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\agentins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\agentins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\AgentVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\AgntIcfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\AGOEMVER.INI deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\McAppIns.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\mcappins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\mcinsres.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\mcuninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\Uninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\uninst.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\VsCfgIns.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vsocfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vsoins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\vsoins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp\VsoVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCAD1.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\LOG7A.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3AEA6AF9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Carl\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Carl\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\1XCONFIG.EXE-1D5E92C4.pf moved successfully.
C:\WINDOWS\prefetch\AAWTRAY.EXE-20780BC6.pf moved successfully.
C:\WINDOWS\prefetch\ADOBE GAMMA LOADER.EXE-2926B5EA.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-00A55D68.pf moved successfully.
C:\WINDOWS\prefetch\AGENT.EXE-00ED4190.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
C:\WINDOWS\prefetch\APNTEX.EXE-07D7E94A.pf moved successfully.
C:\WINDOWS\prefetch\APOINT.EXE-03E36C22.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICESERVICE.EXE-0A278840.pf moved successfully.
C:\WINDOWS\prefetch\ATI2EVXX.EXE-07A42849.pf moved successfully.
C:\WINDOWS\prefetch\ATIPRBXX.EXE-2DA84FA2.pf moved successfully.
C:\WINDOWS\prefetch\ATIPTAXX.EXE-19794D05.pf moved successfully.
C:\WINDOWS\prefetch\AVGCHSVX.EXE-295C373E.pf moved successfully.
C:\WINDOWS\prefetch\AVGCSRVX.EXE-0A36B979.pf moved successfully.
C:\WINDOWS\prefetch\AVGDIAGEX.EXE-3A88F614.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSAGENT.EXE-06AAEFAE.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSMONITOR.EXE-355BD51F.pf moved successfully.
C:\WINDOWS\prefetch\AVGMFAPX.EXE-268B4A8E.pf moved successfully.
C:\WINDOWS\prefetch\AVGNSX.EXE-180CA415.pf moved successfully.
C:\WINDOWS\prefetch\AVGRSX.EXE-07784E58.pf moved successfully.
C:\WINDOWS\prefetch\AVGSCANX.EXE-2579EF3A.pf moved successfully.
C:\WINDOWS\prefetch\AVGSRMAX.EXE-0CCC9D9C.pf moved successfully.
C:\WINDOWS\prefetch\AVGTRAY.EXE-1C1D9393.pf moved successfully.
C:\WINDOWS\prefetch\AVGWDSVC.EXE-27E272A1.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-237631BB.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-237631BE.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-237631BF.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-237631C2.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\CONCENTR.EXE-0DCCB317.pf moved successfully.
C:\WINDOWS\prefetch\CSRSS.EXE-22452D1B.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-2858C7E2.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-38C3807C.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-474D72E6.pf moved successfully.
C:\WINDOWS\prefetch\DSAGNT.EXE-2DA183E7.pf moved successfully.
C:\WINDOWS\prefetch\DSC.EXE-1F2719A1.pf moved successfully.
C:\WINDOWS\prefetch\DSCA.EXE-17657079.pf moved successfully.
C:\WINDOWS\prefetch\DVDLAUNCHER.EXE-1E7A529B.pf moved successfully.
C:\WINDOWS\prefetch\EHMSAS.EXE-1E4CE886.pf moved successfully.
C:\WINDOWS\prefetch\EHREC.EXE-2365F918.pf moved successfully.
C:\WINDOWS\prefetch\EHRECVR.EXE-20A109D9.pf moved successfully.
C:\WINDOWS\prefetch\EHSCHED.EXE-1E7EF345.pf moved successfully.
C:\WINDOWS\prefetch\EHTRAY.EXE-337AC592.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT-SETUP.EXE-12FD5489.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-23218E37.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf moved successfully.
C:\WINDOWS\prefetch\FIXCFG.EXE-252306B6.pf moved successfully.
C:\WINDOWS\prefetch\FXSSVC.EXE-140862E7.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-13BCE236.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-2A522772.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf moved successfully.
C:\WINDOWS\prefetch\IFRMEWRK.EXE-02DE6F7E.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-05D7908C.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-37043579.pf moved successfully.
C:\WINDOWS\prefetch\IS-12SOM.TMP-0111FFCF.pf moved successfully.
C:\WINDOWS\prefetch\ISSCH.EXE-3AC1D446.pf moved successfully.
C:\WINDOWS\prefetch\ISUSPM.EXE-0FE4BBE2.pf moved successfully.
C:\WINDOWS\prefetch\ISUSPM.EXE-2D1ACA75.pf moved successfully.
C:\WINDOWS\prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-31B60334.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGI_MWX.EXE-2A67FE85.pf moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-24ADF392.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf moved successfully.
C:\WINDOWS\prefetch\LSASS.EXE-306A65C3.pf moved successfully.
C:\WINDOWS\prefetch\MCAGENT.EXE-078CB866.pf moved successfully.
C:\WINDOWS\prefetch\MCDETECT.EXE-23D2301D.pf moved successfully.
C:\WINDOWS\prefetch\MCINFO.EXE-31F69FA8.pf moved successfully.
C:\WINDOWS\prefetch\MCRDSVC.EXE-05390B47.pf moved successfully.
C:\WINDOWS\prefetch\MCTSKSHD.EXE-26071B75.pf moved successfully.
C:\WINDOWS\prefetch\MCUPDATE.EXE-1F02B9C6.pf moved successfully.
C:\WINDOWS\prefetch\MCUPDATE.EXE-32479339.pf moved successfully.
C:\WINDOWS\prefetch\MDNSRESPONDER.EXE-1E0EA707.pf moved successfully.
C:\WINDOWS\prefetch\MOTOCONNECT.EXE-13B2B19F.pf moved successfully.
C:\WINDOWS\prefetch\MOTOCONNECTSERVICE.EXE-34F63BD0.pf moved successfully.
C:\WINDOWS\prefetch\MPFAGENT.EXE-03CC93F4.pf moved successfully.
C:\WINDOWS\prefetch\MPFSERVICE.EXE-04A4CDF2.pf moved successfully.
C:\WINDOWS\prefetch\MPFTRAY.EXE-27706105.pf moved successfully.
C:\WINDOWS\prefetch\MPFWIZARD.EXE-30362FCE.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
C:\WINDOWS\prefetch\NEXDEF.EXE-30DDAD5F.pf moved successfully.
C:\WINDOWS\prefetch\NICCONFIGSVC.EXE-23C92DD0.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OSA.EXE-28494AD2.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-1FBDDE94.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-0EB365FC.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-2B5A751D.pf moved successfully.
C:\WINDOWS\prefetch\REALSCHED.EXE-0948A6AF.pf moved successfully.
C:\WINDOWS\prefetch\REGSRVC.EXE-1A4FEDDE.pf moved successfully.
C:\WINDOWS\prefetch\RTWLAN.EXE-0E6FD18F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3B866543.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4532DDE6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-5830CCA7.pf moved successfully.
C:\WINDOWS\prefetch\RUNSERVICE.EXE-33BBD2DC.pf moved successfully.
C:\WINDOWS\prefetch\SASCORE.EXE-39EC1F08.pf moved successfully.
C:\WINDOWS\prefetch\SASUNINST.EXE-1B58F3B4.pf moved successfully.
C:\WINDOWS\prefetch\SERVICES.EXE-3019B50A.pf moved successfully.
C:\WINDOWS\prefetch\SMSS.EXE-22CBE0EE.pf moved successfully.
C:\WINDOWS\prefetch\SPOOLSV.EXE-3A613CE3.pf moved successfully.
C:\WINDOWS\prefetch\SPRTCMD.EXE-19C0DA25.pf moved successfully.
C:\WINDOWS\prefetch\SPRTSVC.EXE-23F453D5.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
C:\WINDOWS\prefetch\TASKMGR.EXE-06144C13.pf moved successfully.
C:\WINDOWS\prefetch\TFSWCTRL.EXE-2D67C816.pf moved successfully.
C:\WINDOWS\prefetch\UBBMONITOR.EXE-0270D16C.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-26701FD6.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-0743FDA9.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\WDBTNMGR.EXE-2DAD3A0B.pf moved successfully.
C:\WINDOWS\prefetch\WFCRUN32.EXE-24072779.pf moved successfully.
C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf moved successfully.
C:\WINDOWS\prefetch\WINLOGON.EXE-0957F9B2.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-1ACCF80C.pf moved successfully.
C:\WINDOWS\prefetch\WSCRIPT.EXE-0C5C5251.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
C:\WINDOWS\prefetch\ZCFGSVC.EXE-3A532485.pf moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\SystemV folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Pacific folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Indian folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Europe folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Etc folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Australia folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Atlantic folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Asia folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Antarctica folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\America\North_Dakota folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\America\Kentucky folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\America\Indiana folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\America\Argentina folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\America folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi\Africa folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\zi folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\servicetag folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\security folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\management folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\images\cursors folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\images folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\im folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\i386 folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\fonts folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\ext folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\deploy\jqs\ie folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\deploy\jqs folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\deploy folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\cmm folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\audio folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib\applet folder moved successfully.
C:\PROGRAM FILES\Java\jre6\lib folder moved successfully.
C:\PROGRAM FILES\Java\jre6\bin\new_plugin folder moved successfully.
C:\PROGRAM FILES\Java\jre6\bin\client folder moved successfully.
C:\PROGRAM FILES\Java\jre6\bin folder moved successfully.
C:\PROGRAM FILES\Java\jre6 folder moved successfully.
C:\PROGRAM FILES\Java\j2re1.4.2_03\lib\ext folder moved successfully.
C:\PROGRAM FILES\Java\j2re1.4.2_03\lib folder moved successfully.
C:\PROGRAM FILES\Java\j2re1.4.2_03 folder moved successfully.
C:\PROGRAM FILES\Java folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83216012FF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A24AE4-039D-4CA4-87B4-2F83216012FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{4A03706F-666A-4037-7777-5F2748764D10} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A03706F-666A-4037-7777-5F2748764D10}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Default Page\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Carl
->Flash cache emptied: 14167 bytes

User: Default User

User: LocalService
->Flash cache emptied: 300 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 81 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Carl
->Temp folder emptied: 236411548 bytes
->Temporary Internet Files folder emptied: 707942 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51623873 bytes
->Google Chrome cache emptied: 289295257 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 947554 bytes
->Temporary Internet Files folder emptied: 1525502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3741775 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 970 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 557.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.28.0 log created on 09152011_112903

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12
craziecomputer

    Member

  • Topic Starter
  • 26 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7723

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/15/2011 12:04:27 PM
mbam-log-2011-09-15 (12-04-27).txt

Scan type: Quick scan
Objects scanned: 186587
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




checkhd.txt
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
for file record segment 159829.
Missing object id index entry or duplicate object id detected
for file record segment 214696.
Missing object id index entry or duplicate object id detected
for file record segment 214698.
Missing object id index entry or duplicate object id detected
for file record segment 214727.
Missing object id index entry or duplicate object id detected
for file record segment 214729.
Deleting index entry nodes.dat in index $I30 of file 53148.
Deleting index entry globalLoadable.bak in index $I30 of file 53151.
Deleting index entry globalLoadable.gdb in index $I30 of file 53151.
Deleting index entry GLOBAL~1.BAK in index $I30 of file 53151.
Deleting index entry GLOBAL~1.GDB in index $I30 of file 53151.

Errors found. CHKDSK cannot continue in read-only mode.

#13
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,678 posts
Hi. :)

No new symptoms or problems. Startup is slow, but it's been like that for about 2 weeks now.

OK and thanks for the update, let's proceed as follows shall we...

StartUpLite:

Please download this small application from here.

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
Next:-

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time; when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.


#14
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,678 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#15
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,678 posts
Re-opened at OP's request.