Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

r.looksmart.com has hijacked Google Searches


  • This topic is locked This topic is locked

#1
cjosey

cjosey

    Member

  • Member
  • PipPip
  • 22 posts
(Windows XP)

I already followed the procedures on the "How to fix Google Redirects" page. Backed up registry. Downloaded and ran OTM, Gooredfix and TDSSKiller. The TDSSKiller scan found nothing. But the problem is still happening. I am attaching the txt files that resulted from my previous efforts.

When I do a google search and click on the various search results - it returns all kinds of different sites... Sometimes it links correctly. But mostly it links to weird sites, such as:

http://r.looksmart.c...c.4e669481.2d78

This page just says: <html>403 Forbidden</html>

http://search.us.b00...d=marimba tuner


When I try to get out of the page - it returns some other page.

For example:
http://65.97.58.37/c...nftSHeKQwruNBEs

or

http://www.gossipcen...n=video+gallery


Please help....

CJ

Attached File  09062011_171722.log   4.05KB   30 downloads
Attached File  GooredFix.txt   3.42KB   32 downloads
Attached File  TDSSKiller.2.5.19.0_06.09.2011_17.31.06_log.txt   37.16KB   26 downloads
  • 0

Advertisements


#2
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Also - Firefox is crashing regularly now.
  • 0

#3
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
They have hijacked the links on all Search Engine results, including Yahoo! and Excite.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what you have

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#5
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-08 16:43:09
-----------------------------
16:43:09.265 OS Version: Windows 5.1.2600 Service Pack 3
16:43:09.265 Number of processors: 2 586 0x1706
16:43:09.265 ComputerName: CJ-PC UserName: CJ
16:43:09.843 Initialize success
16:43:30.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:43:30.828 Disk 0 Vendor: SAMSUNG_HD251HJ 1AC01113 Size: 238418MB BusType: 3
16:43:32.859 Disk 0 MBR read successfully
16:43:32.859 Disk 0 MBR scan
16:43:32.859 Disk 0 Windows XP default MBR code
16:43:32.859 Disk 0 scanning sectors +488263545
16:43:32.906 Disk 0 scanning C:\WINDOWS\system32\drivers
16:43:37.875 Service scanning
16:43:38.937 Modules scanning
16:43:43.437 Disk 0 trace - called modules:
16:43:43.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:43:43.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac79ab8]
16:43:43.453 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8acbeaa0]
16:43:43.453 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac07940]
16:43:43.453 Scan finished successfully
16:43:57.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CJ\Desktop\MBR.dat"
16:43:57.062 The log file has been saved successfully to "C:\Documents and Settings\CJ\Desktop\aswMBR.txt"
  • 0

#6
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL Extras logfile created on: 9/8/2011 4:55:12 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\CJ\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.12% Memory free
6.34 Gb Paging File | 5.86 Gb Available in Paging File | 92.46% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 143.35 Gb Free Space | 61.59% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CJ-PC | User Name: CJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Documents and Settings\CJ\Local Settings\Temp\WZSE1.TMP\EasyInstall\EasyInstall.exe" = C:\Documents and Settings\CJ\Local Settings\Temp\WZSE1.TMP\EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{04D1D357-39D6-4597-9C05-52279CD652F6}" = WriteExpress 4,001 Business, Sales & Personal Letters
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{28067252-15B6-4907-BFBB-CDBBA13DCC1C}" = LDAP Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697064-098C-45B9-00B0-8C12F1B37D86}" = AutoDiscovery and Layout
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{420C7754-7758-49F5-807A-A3F9F2790704}" =
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D402678-4016-44F3-8D6F-2538F89249FA}" = OfficeReady 4.0 Platinum
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{50DECEE8-63A6-4EE0-8EDD-655A01B16D28}" = OfficeReadyToolBarSetup
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{5751C643-5484-4D31-0067-A8DDA1D8DD52}" = Program Files Enterprise
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{600E5C40-8396-4B78-8671-4D6B21410048}" = Program Files Enterprise Help
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{64FB3F27-6C57-484D-844B-005563433F85}" = AutoDiscovery and Layout Help
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17A-1854-11D3-8F5D-00C04F8DD7E3}" = Spelling
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{82608142-51C2-11D3-B0C4-00C04FC2B1B9}" = CAD Drawing Converter Help
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{A0ED0B30-54E3-11d3-9F6A-006008A88EC8}" = Microsoft Repository
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF225 USB to SATA Bridge 98 Driver Installer
"{ABB47A07-3209-42CE-9260-7BAC030CC6CA}" = FontMSI
"{AC05AC51-5E65-448C-B555-CF956768B76C}" = High Pulse
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BF9C8DA4-9091-11D3-9F71-006008A88EC8}" = BTrieve
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C62984DC-456A-4D12-8D47-F4910DF866D3}" = High Impact eMail 5
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Visio 2000
"{E460EED5-2B2C-4044-B790-17DFD62148B6}" = Release Notes Enterprise
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{EAB076E8-275E-11D3-A308-00C04FC2B1B9}" = CAD Drawing Converter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{F9EE5132-8BDC-4E3F-B355-BFC51496D00C}" = HIEOutlookPluginSetup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Biz Plan Builder 2010" = Biz Plan Builder 2010
"ClubWPT" = ClubWPT
"Convert DOC to PDF For Word_is1" = Convert DOC to PDF For Word 1.00
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Doro_is1" = Doro 1.42
"Doyles Room" = Doyles Room
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Smart Web Printing" = HP Smart Web Printing
"ie8" = Windows Internet Explorer 8
"InstallShield_{04D1D357-39D6-4597-9C05-52279CD652F6}" = WriteExpress 4,001 Business, Sales & Personal Letters
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MahjongExpressClient" = Mahjong Express (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MIDAS" = MIDAS
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDE" = MSDE
"PalTalk8.2" = Paltalk Messenger
"PicaJet FX_is1" = PicaJet FX 2.6.0.637
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tweak UI 2.10" = Tweak UI
"Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"StarBetGaming_22_3" = StarBetGaming
"StarDustGaming_22_2" = Stardustgaming

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2011 11:53:35 AM | Computer Name = CJ-PC | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.3.0.111, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2011 1:42:25 AM | Computer Name = CJ-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8107.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 6/27/2011 11:58:49 AM | Computer Name = CJ-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/27/2011 11:58:49 AM | Computer Name = CJ-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2011 11:58:49 AM | Computer Name = CJ-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2011 11:58:54 AM | Computer Name = CJ-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2011 11:58:54 AM | Computer Name = CJ-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/29/2011 10:10:08 AM | Computer Name = CJ-PC | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNEKA.EXE, version 5.0.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/3/2011 1:42:41 AM | Computer Name = CJ-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8107.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 7/10/2011 1:42:06 AM | Computer Name = CJ-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8107.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 10/29/2010 11:34:17 PM | Computer Name = CJ-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2131
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 11/12/2010 5:46:34 PM | Computer Name = CJ-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115194
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 11/20/2010 1:11:54 PM | Computer Name = CJ-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 666746
seconds with 3960 seconds of active time. This session ended with a crash.

Error - 12/25/2010 3:15:31 PM | Computer Name = CJ-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 884130
seconds with 11520 seconds of active time. This session ended with a crash.

Error - 5/17/2011 3:49:20 PM | Computer Name = CJ-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 18073
seconds with 3000 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/8/2011 4:51:44 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:51:47 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:51:50 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:51:53 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:51:56 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:51:59 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:52:02 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:52:05 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:52:08 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}

Error - 9/8/2011 4:52:11 PM | Computer Name = CJ-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GoogleDesktopManager-051210-111108
with arguments "" in order to run the server: {A5E46143-1803-4E90-A85E-342AD9E7730B}


< End of report >
  • 0

#7
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 9/8/2011 4:55:12 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\CJ\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.12% Memory free
6.34 Gb Paging File | 5.86 Gb Available in Paging File | 92.46% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 143.35 Gb Free Space | 61.59% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CJ-PC | User Name: CJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 16:53:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CJ\My Documents\My Downloads\OTL.exe
PRC - [2011/09/07 20:05:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/09/05 11:42:36 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe
PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/25 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/02/24 13:37:38 | 001,262,648 | ---- | M] (Wavget.com) -- C:\Program Files\TypeItIn\TypeItIn.exe
PRC - [2010/12/19 14:31:09 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/04/20 02:35:00 | 000,237,568 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe
PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/05 11:42:36 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe
MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/28 23:23:28 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_091c35c3\mscorlib.dll
MOD - [2010/10/28 23:23:27 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7a39bfd3\system.drawing.dll
MOD - [2010/10/28 23:23:24 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49972b48\system.xml.dll
MOD - [2010/10/28 23:23:21 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c52a0d1e\system.windows.forms.dll
MOD - [2010/10/28 23:23:16 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb05f978\system.dll
MOD - [2010/10/28 23:23:11 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/28 23:23:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/28 21:50:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/10/28 21:50:23 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2010/10/28 21:50:22 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/10/28 21:50:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/10/28 21:50:21 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/08/10 01:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/04/13 19:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2001/10/28 02:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer)
SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/02 16:52:54 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/01/31 17:20:36 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/14 22:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {c4e880ef-812c-4d63-885e-cdc3be4ae606}:1.0
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/19 14:31:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/04/19 15:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 20:00:10 | 000,000,000 | ---D | M]

[2010/10/28 21:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Extensions
[2011/09/08 16:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions
[2011/04/04 11:17:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/28 22:09:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 23:37:33 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/10/29 22:47:13 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/09/08 16:54:11 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}
[2010/12/11 11:08:47 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2010/11/02 21:23:11 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2010/10/29 22:47:20 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2011/04/07 10:50:23 | 000,000,000 | ---D | M] (WebDAV Launcher) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2011/09/08 16:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/31 08:18:24 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/30 14:40:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/26 13:44:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/19 14:31:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/19 15:21:46 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/10/30 14:40:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/09/06 17:17:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {007A4390-7720-4DDC-8EEB-0706AC4B521d} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKU\S-1-5-18..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKU\S-1-5-19..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKU\S-1-5-20..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..\Run: [KeyboardManagerVerifier] C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe (Wavget.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1288320820093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7556CE-0996-473D-B10A-A7AA6761BC46}: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\CJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/28 15:04:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 16:40:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\CJ\Desktop\aswMBR.exe
[2011/09/06 19:25:42 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CJ\Desktop\TDSSKiller.exe
[2011/09/06 17:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\GooredFix Backups
[2011/09/06 17:26:57 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\CJ\Desktop\GooredFix.exe
[2011/09/06 17:24:02 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CJ\Desktop\OTM.exe
[2011/09/06 17:17:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/06 17:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/06 17:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/06 17:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/05 11:42:37 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll
[2011/09/03 11:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\Olive Oyl
[2011/08/31 08:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/26 11:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\9187 Pics for Listing
[2011/08/10 15:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\My Documents\My Hand Histories
[2011/08/10 12:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\My Documents\1 - DoWorkforStock
[2011/08/01 11:53:37 | 008,007,680 | ---- | C] ( ) -- C:\WINDOWS\System32\Microsoft.mshtml.dll
[2011/07/14 13:37:23 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\Interop.OR4PhotoComponent.dll
[2011/07/14 10:42:18 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\MACTrackBarLib.dll
[1 C:\Documents and Settings\CJ\Desktop\*.tmp files -> C:\Documents and Settings\CJ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\CJ\*.tmp files -> C:\Documents and Settings\CJ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 16:55:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
[2011/09/08 16:55:13 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
[2011/09/08 16:55:11 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\9f112c56
[2011/09/08 16:51:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 16:51:23 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 16:51:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 16:51:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/08 16:51:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/08 16:43:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\MBR.dat
[2011/09/08 16:41:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\CJ\Desktop\aswMBR.exe
[2011/09/08 16:12:13 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\7fccd3a9
[2011/09/08 16:11:56 | 000,006,190 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\68695bac
[2011/09/08 16:10:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 15:29:16 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\17692356
[2011/09/08 15:07:35 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2011/09/08 14:40:22 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/09/07 19:44:58 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/09/07 14:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CJ\Desktop\TDSSKiller.exe
[2011/09/06 17:26:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\CJ\Desktop\GooredFix.exe
[2011/09/06 17:24:03 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CJ\Desktop\OTM.exe
[2011/09/06 17:17:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/06 17:14:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\NTREGOPT.lnk
[2011/09/06 17:14:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\ERUNT.lnk
[2011/09/06 14:28:28 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/09/04 09:14:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/04 01:40:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/03 16:05:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/01 09:10:42 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/26 17:49:54 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\WriteExpress 4,001 Business, Sales & Personal Letters.lnk
[2011/08/26 11:57:57 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2011/08/13 13:39:49 | 000,001,171 | ---- | M] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_13 13_39.rtf
[2011/08/12 11:58:54 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_12 11_58.rtf
[1 C:\Documents and Settings\CJ\Desktop\*.tmp files -> C:\Documents and Settings\CJ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\CJ\*.tmp files -> C:\Documents and Settings\CJ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 16:43:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\MBR.dat
[2011/09/06 17:14:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\NTREGOPT.lnk
[2011/09/06 17:14:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\ERUNT.lnk
[2011/09/06 11:52:01 | 000,006,190 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\68695bac
[2011/09/06 09:41:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\7fccd3a9
[2011/09/05 12:42:38 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\17692356
[2011/09/05 11:42:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\9f112c56
[2011/09/01 09:11:56 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/08/13 13:39:49 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_13 13_39.rtf
[2011/08/12 11:58:54 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_12 11_58.rtf
[2011/08/01 11:53:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CSVRes.dll
[2011/08/01 11:52:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2011/08/01 11:52:39 | 000,544,842 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload4.dll
[2011/08/01 11:52:39 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\HTTPUploadDownload.dll
[2011/07/14 13:37:27 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
[2011/07/14 13:37:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AxInterop.OR4PhotoComponent.dll
[2011/07/14 10:42:21 | 002,592,768 | ---- | C] () -- C:\WINDOWS\System32\InvestintechConversionDLL.dll
[2011/07/14 10:40:18 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2011/07/14 10:40:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
[2011/06/13 12:04:47 | 000,038,508 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\Comma Separated Values (Windows).ADR
[2011/06/07 11:21:01 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\fusioncache.dat
[2011/06/07 11:20:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/06/07 11:17:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/06/07 11:17:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011/06/07 11:17:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/07 11:17:18 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/07 11:17:18 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/07 11:17:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011/06/07 11:17:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011/06/07 11:12:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 11:10:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/13 06:54:51 | 000,016,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x3tbwckgdsrt4w7qy7wnmk2ridtksvb57h2
[2011/04/04 11:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/23 13:38:23 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/23 13:38:23 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/23 13:38:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/23 13:38:23 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/23 13:38:23 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/23 13:38:23 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/23 13:38:23 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/23 13:38:23 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/23 13:38:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/23 13:38:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/23 13:38:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/23 13:38:23 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/23 13:38:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/23 13:38:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/23 13:38:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/23 13:38:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/30 00:41:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/27 15:39:42 | 000,019,515 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/10/31 21:29:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rev98HDD.exe
[2010/10/31 21:29:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rev98HDD.ini
[2010/10/31 13:44:10 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2010/10/29 23:37:16 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 20:38:25 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 21:12:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/28 15:05:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 15:01:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/28 10:50:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/28 10:49:25 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/13 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 19:00:00 | 000,505,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 19:00:00 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/31 04:03:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2005/04/14 23:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 23:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/11/20 16:13:44 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1998/06/10 16:08:40 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\Reputil.dll
[1996/10/07 15:25:02 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[1996/09/24 12:40:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[1993/11/02 13:12:36 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\Nwlocale.dll

========== LOP Check ==========

[2010/12/05 11:44:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/23 13:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/11 11:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/12/11 11:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/09/08 16:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/31 16:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/10/29 08:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/05 10:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/08/01 14:03:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Visio
[2011/08/02 10:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/23 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Epson
[2011/08/05 13:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\FileZilla
[2011/09/05 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0
[2011/08/01 11:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 5
[2010/11/01 19:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\HighPulse
[2010/10/29 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Leadertech
[2011/07/28 19:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\LiveMetrics
[2011/08/01 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\LiveWare
[2010/11/01 23:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Paltalk
[2010/10/31 13:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Picajet.com
[2010/12/24 15:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Simple Star
[2011/04/25 11:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\StarBetGaming
[2011/08/05 10:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Virtual Mechanics
[2011/06/08 12:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Walgreens
[2011/09/04 01:40:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 19:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run could you check your searches out please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
    IE - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 43 7A 00 20 77 DC 4D 8E EB 07 06 AC 4B 52 1D [binary data]
    FF - prefs.js..extensions.enabledItems: {c4e880ef-812c-4d63-885e-cdc3be4ae606}:1.0
    [2011/09/08 16:54:11 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}
    O2 - BHO: (no name) - {007A4390-7720-4DDC-8EEB-0706AC4B521d} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
    O3 - HKU\S-1-5-21-1275210071-2139871995-682003330-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    [2011/09/08 16:55:11 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\9f112c56
    [2011/09/08 16:12:13 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\7fccd3a9
    [2011/09/08 16:11:56 | 000,006,190 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\68695bac
    [2011/09/08 15:29:16 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\17692356
    [2011/05/13 06:54:51 | 000,016,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x3tbwckgdsrt4w7qy7wnmk2ridtksvb57h2

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-]
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-1275210071-2139871995-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I completed the above and checked the search results and it is still happening. I will post the OTL QuickScan log in the next post.
  • 0

#10
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 9/9/2011 1:10:39 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\CJ\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.93% Memory free
6.34 Gb Paging File | 5.91 Gb Available in Paging File | 93.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 143.35 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CJ-PC | User Name: CJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 16:53:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CJ\My Documents\My Downloads\OTL.exe
PRC - [2011/09/07 20:05:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/09/05 11:42:36 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe
PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/25 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/02/24 13:37:38 | 001,262,648 | ---- | M] (Wavget.com) -- C:\Program Files\TypeItIn\TypeItIn.exe
PRC - [2010/12/19 14:31:09 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/04/20 02:35:00 | 000,237,568 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe
PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/05 11:42:36 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe
MOD - [2010/10/28 23:23:28 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_091c35c3\mscorlib.dll
MOD - [2010/10/28 23:23:27 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7a39bfd3\system.drawing.dll
MOD - [2010/10/28 23:23:24 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49972b48\system.xml.dll
MOD - [2010/10/28 23:23:21 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c52a0d1e\system.windows.forms.dll
MOD - [2010/10/28 23:23:16 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bb05f978\system.dll
MOD - [2010/10/28 23:23:11 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/28 23:23:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/28 21:50:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/10/28 21:50:23 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2010/10/28 21:50:22 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/10/28 21:50:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/10/28 21:50:21 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/08/10 01:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/04/13 19:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2001/10/28 02:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer)
SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/02 16:52:54 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/01/31 17:20:36 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/14 22:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/19 14:31:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/04/19 15:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 20:00:10 | 000,000,000 | ---D | M]

[2010/10/28 21:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Extensions
[2011/09/08 17:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions
[2011/04/04 11:17:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/28 22:09:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 23:37:33 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/10/29 22:47:13 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/12/11 11:08:47 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2010/11/02 21:23:11 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2010/10/29 22:47:20 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2011/04/07 10:50:23 | 000,000,000 | ---D | M] (WebDAV Launcher) -- C:\Documents and Settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\extensions\[email protected]
[2011/09/08 17:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/31 08:18:24 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/30 14:40:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/26 13:44:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/19 14:31:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\15NALXL6.DEFAULT\EXTENSIONS\{C4E880EF-812C-4D63-885E-CDC3BE4AE606}
[2011/04/19 15:21:46 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/10/30 14:40:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/09/09 13:06:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {007A4390-7720-4DDC-8EEB-0706AC4B521d} - No CLSID value found.
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HighUpdate] C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe ()
O4 - HKCU..\Run: [KeyboardManagerVerifier] C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe (Wavget.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1288320820093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7556CE-0996-473D-B10A-A7AA6761BC46}: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\CJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/28 15:04:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 13:06:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/08 16:40:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\CJ\Desktop\aswMBR.exe
[2011/09/06 19:25:42 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CJ\Desktop\TDSSKiller.exe
[2011/09/06 17:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\GooredFix Backups
[2011/09/06 17:26:57 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\CJ\Desktop\GooredFix.exe
[2011/09/06 17:24:02 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CJ\Desktop\OTM.exe
[2011/09/06 17:17:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/06 17:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/06 17:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/06 17:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/05 11:42:37 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll
[2011/09/03 11:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\Olive Oyl
[2011/08/31 08:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/26 11:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\Desktop\9187 Pics for Listing
[2011/08/10 15:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CJ\My Documents\My Hand Histories
[2011/08/01 11:53:37 | 008,007,680 | ---- | C] ( ) -- C:\WINDOWS\System32\Microsoft.mshtml.dll
[2011/07/14 13:37:23 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\Interop.OR4PhotoComponent.dll
[2011/07/14 10:42:18 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\MACTrackBarLib.dll
[1 C:\Documents and Settings\CJ\Desktop\*.tmp files -> C:\Documents and Settings\CJ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\CJ\*.tmp files -> C:\Documents and Settings\CJ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/09 13:10:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/09 13:09:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 13:09:00 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 13:09:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
[2011/09/09 13:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/09 13:08:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/09/09 13:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/09 13:06:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/09 13:06:49 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
[2011/09/09 13:05:53 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\OTL.exe.lnk
[2011/09/08 23:59:01 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/09/08 16:43:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\MBR.dat
[2011/09/08 16:41:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\CJ\Desktop\aswMBR.exe
[2011/09/08 15:07:35 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2011/09/08 14:40:22 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/09/07 14:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CJ\Desktop\TDSSKiller.exe
[2011/09/06 17:26:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\CJ\Desktop\GooredFix.exe
[2011/09/06 17:24:03 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CJ\Desktop\OTM.exe
[2011/09/06 17:14:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\NTREGOPT.lnk
[2011/09/06 17:14:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\ERUNT.lnk
[2011/09/06 14:28:28 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/09/04 09:14:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/04 01:40:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/03 16:05:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/01 09:10:42 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/26 17:49:54 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\CJ\Desktop\WriteExpress 4,001 Business, Sales & Personal Letters.lnk
[2011/08/26 11:57:57 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2011/08/13 13:39:49 | 000,001,171 | ---- | M] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_13 13_39.rtf
[2011/08/12 11:58:54 | 000,000,417 | ---- | M] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_12 11_58.rtf
[1 C:\Documents and Settings\CJ\Desktop\*.tmp files -> C:\Documents and Settings\CJ\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\CJ\*.tmp files -> C:\Documents and Settings\CJ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 13:05:53 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\OTL.exe.lnk
[2011/09/08 16:43:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\MBR.dat
[2011/09/06 17:14:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\NTREGOPT.lnk
[2011/09/06 17:14:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\CJ\Desktop\ERUNT.lnk
[2011/09/01 09:11:56 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/08/13 13:39:49 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_13 13_39.rtf
[2011/08/12 11:58:54 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\CJ\My Documents\ChatLog Meet Now 2011_08_12 11_58.rtf
[2011/08/01 11:53:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CSVRes.dll
[2011/08/01 11:52:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2011/08/01 11:52:39 | 000,544,842 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload4.dll
[2011/08/01 11:52:39 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\HTTPUploadDownload.dll
[2011/07/14 13:37:27 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
[2011/07/14 13:37:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AxInterop.OR4PhotoComponent.dll
[2011/07/14 10:42:21 | 002,592,768 | ---- | C] () -- C:\WINDOWS\System32\InvestintechConversionDLL.dll
[2011/07/14 10:40:18 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2011/07/14 10:40:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
[2011/06/13 12:04:47 | 000,038,508 | ---- | C] () -- C:\Documents and Settings\CJ\Application Data\Comma Separated Values (Windows).ADR
[2011/06/07 11:21:01 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\fusioncache.dat
[2011/06/07 11:20:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/06/07 11:17:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/06/07 11:17:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011/06/07 11:17:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/07 11:17:18 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/07 11:17:18 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/07 11:17:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2011/06/07 11:17:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011/06/07 11:12:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 11:10:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/04/04 11:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/23 13:38:23 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/23 13:38:23 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/23 13:38:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/23 13:38:23 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/23 13:38:23 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/23 13:38:23 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/23 13:38:23 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/23 13:38:23 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/23 13:38:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/23 13:38:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/23 13:38:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/23 13:38:23 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/23 13:38:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/23 13:38:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/23 13:38:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/23 13:38:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/30 00:41:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/27 15:39:42 | 000,019,515 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/10/31 21:29:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rev98HDD.exe
[2010/10/31 21:29:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rev98HDD.ini
[2010/10/31 13:44:10 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2010/10/29 23:37:16 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\CJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 20:38:25 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 21:12:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/28 15:05:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 15:01:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/28 10:50:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/28 10:49:25 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/13 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 19:00:00 | 000,505,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 19:00:00 | 000,088,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/31 04:03:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2005/04/14 23:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 23:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/11/20 16:13:44 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[1998/06/10 16:08:40 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\Reputil.dll
[1996/10/07 15:25:02 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[1996/09/24 12:40:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[1993/11/02 13:12:36 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\Nwlocale.dll

========== LOP Check ==========

[2010/12/05 11:44:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/23 13:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/11 11:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/12/11 11:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/09/09 13:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/10/31 16:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/10/29 08:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/05 10:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/08/01 14:03:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Visio
[2011/08/02 10:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/23 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Epson
[2011/08/05 13:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\FileZilla
[2011/09/05 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 4.0
[2011/08/01 11:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\High Impact eMail 5
[2010/11/01 19:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\HighPulse
[2010/10/29 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Leadertech
[2011/07/28 19:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\LiveMetrics
[2011/08/01 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\LiveWare
[2010/11/01 23:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Paltalk
[2010/10/31 13:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Picajet.com
[2010/12/24 15:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Simple Star
[2011/04/25 11:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\StarBetGaming
[2011/08/05 10:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Virtual Mechanics
[2011/06/08 12:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Walgreens
[2011/09/04 01:40:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you experience the same problem with IE ?

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#12
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Same problem with IE. BTW - now neither browser will open www.google.com. With IE it says: Internet Explorer cannot display the webpage. With Firefox it just doesn't display anything.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK continue with combofix and I will check the log for the miscreant if Combofix doesn't kill it first
  • 0

#14
cjosey

cjosey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 11-09-09.04 - CJ 09/09/2011 17:19:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2692 [GMT -4:00]
Running from: c:\documents and settings\CJ\My Documents\My Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fecnyd5h.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fecnyd5h.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fecnyd5h.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fecnyd5h.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fecnyd5h.default\extensions\{c4e880ef-812c-4d63-885e-cdc3be4ae606}\install.rdf
c:\documents and settings\All Users\Application Data\KeyboardManagerVerifier.dll
c:\documents and settings\CJ\g2mdlhlpx.exe
c:\documents and settings\CJ\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\CJ\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\CJ\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\CJ\tofqsdfwgu.tmp
c:\documents and settings\CJ\WINDOWS
c:\program files\Internet Explorer\SET2D3.tmp
c:\program files\Internet Explorer\SET2D8.tmp
c:\windows\system32\comct332.ocx
c:\windows\system32\lvci12101110.dll
c:\windows\system32\regobj.dll
c:\windows\system32\test.dll
c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 21:24 . 2011-09-09 21:24 -------- d-----w- c:\documents and settings\CJ\Local Settings\Application Data\ApplicationHistory
2011-09-09 17:06 . 2011-09-09 17:06 -------- d-----w- C:\_OTL
2011-09-06 21:17 . 2011-09-06 21:17 -------- d-----w- C:\_OTM
2011-09-06 21:14 . 2011-09-06 21:15 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 13:07 . 2011-05-26 13:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 15:53 . 2011-08-01 15:53 95 ----a-w- c:\windows\system32\InstallGAC.bat
2011-07-06 20:32 . 2011-06-07 15:29 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 20:32 . 2011-06-07 15:29 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 20:32 . 2011-06-07 15:29 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-06 20:32 . 2011-06-07 15:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-16 15:29 . 2011-06-07 15:29 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-06-16 15:29 . 2011-06-07 15:29 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2010-10-30 02:52 . 2010-10-30 02:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2006-04-20 237568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google desktop"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-30 30192]
"HighUpdate"="c:\documents and settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe" [2011-09-05 56832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-19 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"HighUpdate"="c:\documents and settings\CJ\Application Data\High Impact eMail 4.0\HighUpdate\Highupdt32.exe" [2011-09-05 56832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2011-8-1 110592]
TypeItIn.lnk - c:\program files\TypeItIn\TypeItIn.exe [2011-7-1 1262648]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-5-25 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 20:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-31 21:20 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-30 02:52 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 17:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-19 18:31 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"stllssvr"=3 (0x3)
"SpyHunter 4 Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MsMpSvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager-051210-111108"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
S0 cerc6;cerc6; [x]
S1 MpKsl1149fbfc;MpKsl1149fbfc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23EBD59-D594-466D-8C42-C60E2571309D}\MpKsl1149fbfc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23EBD59-D594-466D-8C42-C60E2571309D}\MpKsl1149fbfc.sys [?]
S1 MpKsl39400df4;MpKsl39400df4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F777385F-0755-41CE-926A-8DF69E99657C}\MpKsl39400df4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F777385F-0755-41CE-926A-8DF69E99657C}\MpKsl39400df4.sys [?]
S1 MpKsl425e5757;MpKsl425e5757;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl425e5757.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl425e5757.sys [?]
S1 MpKsl4f940135;MpKsl4f940135;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl4f940135.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl4f940135.sys [?]
S1 MpKsl5b1d8dc1;MpKsl5b1d8dc1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20624EE7-E6EB-477E-93B5-255498C1E39F}\MpKsl5b1d8dc1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20624EE7-E6EB-477E-93B5-255498C1E39F}\MpKsl5b1d8dc1.sys [?]
S1 MpKsl5ea71b7c;MpKsl5ea71b7c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl5ea71b7c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl5ea71b7c.sys [?]
S1 MpKsl68174dde;MpKsl68174dde;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FF24863-27E3-4ACC-8652-21BFC29001DB}\MpKsl68174dde.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FF24863-27E3-4ACC-8652-21BFC29001DB}\MpKsl68174dde.sys [?]
S1 MpKsl84964f49;MpKsl84964f49;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl84964f49.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsl84964f49.sys [?]
S1 MpKslaf59d679;MpKslaf59d679;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslaf59d679.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslaf59d679.sys [?]
S1 MpKslb4cb766b;MpKslb4cb766b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslb4cb766b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslb4cb766b.sys [?]
S1 MpKslc9309746;MpKslc9309746;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23EBD59-D594-466D-8C42-C60E2571309D}\MpKslc9309746.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C23EBD59-D594-466D-8C42-C60E2571309D}\MpKslc9309746.sys [?]
S1 MpKsld4dc72a0;MpKsld4dc72a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsld4dc72a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKsld4dc72a0.sys [?]
S1 MpKsld524eeb9;MpKsld524eeb9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FEF8C06-DA62-407E-9EDD-F515C3A3D948}\MpKsld524eeb9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FEF8C06-DA62-407E-9EDD-F515C3A3D948}\MpKsld524eeb9.sys [?]
S1 MpKsle75ca919;MpKsle75ca919;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{852ED148-CFF5-4788-A93A-2E0BE95ADB75}\MpKsle75ca919.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{852ED148-CFF5-4788-A93A-2E0BE95ADB75}\MpKsle75ca919.sys [?]
S1 MpKslf096f2ee;MpKslf096f2ee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2DBF5E3-4600-4252-B57E-FD7A10B5E4E8}\MpKslf096f2ee.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2DBF5E3-4600-4252-B57E-FD7A10B5E4E8}\MpKslf096f2ee.sys [?]
S1 MpKslfea6b31d;MpKslfea6b31d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslfea6b31d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E50A814-6333-4D09-B172-755BF58D9A29}\MpKslfea6b31d.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2010 12:40 AM 136176]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2010 12:40 AM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 7:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/29/2010 10:50 PM 30192]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 04:40]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 04:40]
.
2011-09-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-2139871995-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-09-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-06-13 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
FF - ProfilePath - c:\documents and settings\CJ\Application Data\Mozilla\Firefox\Profiles\15nalxl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Noia 2.0 eXtreme OPT: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - %profile%\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: WebDAV Launcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{007A4390-7720-4DDC-8EEB-0706AC4B521d} - (no file)
HKCU-Run-KeyboardManagerVerifier - c:\documents and settings\All Users\Application Data\KeyboardManagerVerifier.dll
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{326767A3-8CB5-A8DB-7A75-5E6B2AC26D94}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakgkceafgacadoeec"=hex:6b,61,66,65,6b,62,6b,68,69,6b,6d,6a,66,6b,70,61,68,61,
61,65,6b,6a,00,00
"haahcdjjjdomoffo"=hex:69,61,6c,64,6e,61,70,6a,62,6c,6a,65,6e,6b,66,67,70,6b,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{96F2798D-EE18-95D0-A7197C435BDCDB7A}\{B7171FD7-9E1E-7ECE-C475A6A21A98AE1F}\{E201A5FE-5FCE-C749-1B6C01549F8CE017}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0b,fd,69,
4d,59,70,90,69,76,20,7f,58,a2,a9,83,e1,a8,30,c1,3f,f1,91,0f,ee,f8,5c,44,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(4192)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\TypeItIn28.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-09-09 17:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 21:30
.
Pre-Run: 153,713,557,504 bytes free
Post-Run: 153,597,980,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 21C8F7B89CC0B61044A935B0638062CD
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now recheck please and let me know the result
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP