Welcome to MalwareRemoval.com
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Opera Hijacked

Re: Opera Hijacked

by nineinchheel » January 5th, 2011, 10:15 pm

I couldn't tick "O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k" because it didn't come up. I assume when you said tick them you meant tick them and press fix? That's what I did.

I also couldn't delete C:\DOCUME~1\George\LOCALS~1\Temp\urkjkoeob\tsndsmxlajb.exe because it didn't exist.

OTL produced two reports of each name! I will post the larger and second of each.

OTL logfile created on: 06/01/2011 02:01:01 - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.80 Gb Free Space | 1.08% Space Free | Partition Type: NTFS

Computer Name: ROWANTREE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\George\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\George\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\George\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FileZilla Server) -- C:\Program Files\FileZilla Server\FileZilla Server.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SABProcEnum) -- C:\Program Files\Mozilla Firefox\SABProcEnum.sys File not found
DRV - (d83568e8) -- C:\WINDOWS\System32\drivers\d83568e8.sys File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (RSUSBCCID) -- C:\WINDOWS\system32\drivers\RtsUCcid.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (APLMp50) -- C:\WINDOWS\system32\drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BTNetFilter) -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://search.ebay.co.uk/search/search. ... 7&satitle=%s
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co.uk/search?hl=en&q=%s&btnG=Google+Search&meta=
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi, = http://images.google.com/images?hl=en&q=%s&btnG=Search+Images&gbv=2
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.co.uk/search?hl=en&q=%s&btnG=Google+Search&meta=
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki, = http://www.wikipedia.org/w/wiki.phtml?search=%s
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt, = http://www.youtube.com/results?search_query=%s
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt, = +
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,# = %23
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,% = %25
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,& = %26
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,+ = %2B
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 19:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/10 19:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/13 20:57:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/05/07 00:21:25 | 000,000,000 | ---D | M]

[2008/06/24 11:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2011/01/05 18:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\extensions
[2009/05/07 11:18:53 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/05/10 23:08:07 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\extensions\firebug@software.joehewitt.com
[2011/01/05 18:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/11/29 17:28:10 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPInfotl.dll
[2007/09/05 12:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2010/03/16 18:27:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/16 18:27:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/16 18:27:25 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/16 18:27:25 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/05 21:12:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-227175942-290336581-80609558-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-227175942-290336581-80609558-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-227175942-290336581-80609558-1006..\Run: [kcauhgbt] C:\DOCUME~1\George\LOCALS~1\Temp\huelamesu\nvthijelajb.exe File not found
O4 - HKU\S-1-5-21-227175942-290336581-80609558-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-227175942-290336581-80609558-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-227175942-290336581-80609558-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-227175942-290336581-80609558-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-227175942-290336581-80609558-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-227175942-290336581-80609558-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-227175942-290336581-80609558-1006 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-227175942-290336581-80609558-1006 Winlogon: Shell - (C:\Documents and Settings\George\Application Data\dwm.exe) - C:\Documents and Settings\George\Application Data\dwm.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/22 08:52:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ad1a31b-f633-11de-af0d-0016e35b24fb}\Shell - "" = AutoRun
O33 - MountPoints2\{3ad1a31b-f633-11de-af0d-0016e35b24fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ad1a31b-f633-11de-af0d-0016e35b24fb}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{3ad1a31c-f633-11de-af0d-0016e35b24fb}\Shell - "" = AutoRun
O33 - MountPoints2\{3ad1a31c-f633-11de-af0d-0016e35b24fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ad1a31c-f633-11de-af0d-0016e35b24fb}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{5d37bb43-689d-11de-aebc-0016e35b24fb}\Shell\AutoRun\command - "" = E:\RavMon.exe -- File not found
O33 - MountPoints2\{5d37bb43-689d-11de-aebc-0016e35b24fb}\Shell\explore\Command - "" = E:\RavMon.exe -- File not found
O33 - MountPoints2\{5d37bb43-689d-11de-aebc-0016e35b24fb}\Shell\open\Command - "" = E:\RavMon.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-227175942-290336581-80609558-1006\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-227175942-290336581-80609558-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 01:35:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/05 21:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/05 14:27:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/05 14:27:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/05 14:27:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/05 14:27:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/05 14:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/04 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\My Documents\HijackThis
[2011/01/04 12:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Start Menu\Programs\HiJackThis
[2010/12/19 17:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Desktop\new jsa claim
[2010/12/08 22:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Desktop\testdisk-6.11.3
[2010/12/07 16:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB 2.0 Card Reader Software
[2010/12/07 16:36:59 | 000,028,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RTSTOR.sys
[2010/12/07 16:35:25 | 000,256,544 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUCcid.dll
[2010/12/07 16:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sda
[2010/12/07 16:34:46 | 007,367,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSUSTORicon.dll
[2010/12/07 16:34:46 | 000,277,024 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtsUStor.dll
[2010/12/07 16:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB2.0 Card Reader Software
[2010/12/07 16:32:32 | 000,181,280 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtsUStor.sys
[2010/12/07 16:32:32 | 000,050,720 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtsUCcid.sys
[2004/11/24 18:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011/01/06 01:59:05 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-227175942-290336581-80609558-1006UA.job
[2011/01/06 01:46:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 01:46:31 | 400,666,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/06 01:29:22 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\George\Desktop\HiJackThis.lnk
[2011/01/05 23:19:00 | 000,025,575 | ---- | M] () -- C:\Documents and Settings\George\Application Data\41B2.035
[2011/01/05 21:12:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/05 14:19:27 | 004,013,175 | R--- | M] () -- C:\Documents and Settings\George\Desktop\ComboFix.exe
[2011/01/05 12:23:47 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\George\Desktop\rkill.exe
[2011/01/04 12:22:24 | 000,000,414 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/01/04 11:59:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-227175942-290336581-80609558-1006Core.job
[2011/01/04 06:00:20 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Google Chrome.lnk
[2011/01/04 06:00:20 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/04 03:32:53 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2011/01/04 01:22:11 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 00:57:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 16:36:01 | 000,441,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 16:36:01 | 000,071,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/01/06 01:46:31 | 400,666,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/05 14:27:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/05 14:27:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/05 14:27:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/05 14:27:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/05 14:27:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 14:19:27 | 004,013,175 | R--- | C] () -- C:\Documents and Settings\George\Desktop\ComboFix.exe
[2011/01/05 12:23:36 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\George\Desktop\rkill.exe
[2011/01/04 12:39:11 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\George\Desktop\HiJackThis.lnk
[2010/12/24 02:29:45 | 000,025,575 | ---- | C] () -- C:\Documents and Settings\George\Application Data\41B2.035
[2010/12/07 16:36:59 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System\DriveIcon.dll
[2010/03/19 15:01:46 | 000,080,480 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\Schedule8.dat
[2010/02/16 13:26:39 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/25 19:26:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\PingTool.INI
[2009/05/13 13:34:25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2009/05/13 13:34:25 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2009/05/13 11:45:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/05/07 08:18:43 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/22 00:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2009/04/21 16:52:12 | 000,005,438 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6596BBB4-9082-4777-82CD-333690824933.txt
[2009/04/21 13:46:10 | 000,003,444 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\6596BBB4-9082-4777-82CD-333690824933.txt
[2009/04/15 15:13:38 | 000,175,104 | ---- | C] () -- C:\WINDOWS\lame_enc.dll
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/24 04:27:11 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/22 16:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/05/28 12:43:12 | 000,000,315 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/12/04 10:40:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2007/11/26 17:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/11/26 17:35:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/11/26 17:33:33 | 000,006,326 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/11/26 17:31:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/19 21:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007/09/18 14:21:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2007/09/18 14:19:27 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/06/01 12:22:58 | 000,000,325 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/23 12:09:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll
[2007/04/17 23:21:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2007/04/17 23:20:56 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\512601FDB7.sys
[2007/04/17 23:20:55 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/02 10:44:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2007/01/15 00:28:34 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/27 18:06:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2006/12/03 15:35:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\Application Data\wklnhst.dat
[2006/11/06 00:41:19 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 11:41:40 | 000,000,414 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/13 02:49:38 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/09/29 16:54:31 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/03 18:16:26 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini
[2006/05/23 07:00:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/22 13:07:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/22 12:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/22 12:53:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/22 12:53:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/22 12:53:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/22 12:53:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/22 12:53:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/22 12:53:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/22 12:49:17 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/22 12:49:17 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/22 12:04:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/22 12:00:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/22 12:00:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/22 12:00:45 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/22 12:00:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/22 11:47:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/22 09:43:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/22 08:55:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/22 07:37:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/05/22 07:37:05 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/05 17:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 16:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 13:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 12:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2004/12/20 10:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/10/03 16:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/12/09 16:25:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\NPinfotl.ini
[2002/10/06 18:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 23:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 23:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 23:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2000/01/07 12:15:51 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[1997/06/14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A

< End of report >
[2011/01/06 01:59:05 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-227175942-290336581-80609558-1006UA.job
[2011/01/06 01:46:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 01:29:22 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\George\Desktop\HiJackThis.lnk
[2011/01/05 23:19:00 | 000,025,575 | ---- | M] () -- C:\Documents and Settings\George\Application Data\41B2.035
[2011/01/05 14:19:27 | 004,013,175 | R--- | M] () -- C:\Documents and Settings\George\Desktop\ComboFix.exe
[2011/01/05 12:23:47 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\George\Desktop\rkill.exe
[2011/01/04 12:22:24 | 000,000,414 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/01/04 11:59:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-227175942-290336581-80609558-1006Core.job
[2011/01/04 06:00:20 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Google Chrome.lnk
[2011/01/04 06:00:20 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/04 01:22:11 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 00:57:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 16:36:01 | 000,441,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 16:36:01 | 000,071,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A

< End of report >


OTL Extras logfile created on: 06/01/2011 02:01:01 - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.80 Gb Free Space | 1.08% Space Free | Partition Type: NTFS

Computer Name: ROWANTREE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

"Start" = 0

"Start" = 2

========== Firewall Settings ==========





"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

"EnableFirewall" = 0
"DisableNotifications" = 0

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"22178:TCP" = 22178:TCP:*:Disabled:BitComet 22178 TCP
"22178:UDP" = 22178:UDP:*:Disabled:BitComet 22178 UDP
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\WINDOWS\inf\explorer.exe" = C:\WINDOWS\inf\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Heart of Winter
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89C7E2EC-C18B-40D6-BAE0-78DA77F714A7}" = BT Fabric Keyboard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Great Battles of WWII: Stalingrad (Demo)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DC24971E-1946-445D-8A82-CE685433FA7D}" =
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"aviconverter" = AVIConverter 3.0
"camcodec" = CamStudio Lossless Codec
"Coda" = Coda codec pack
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOOM Collector's Edition" = DOOM Collector's Edition
"EA/LimDep" = EA/LimDep
"FileZilla Client" = FileZilla Client
"FLVPlayer" = FLV Player 1.3.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"GMailFS" = GMail Drive Shell Extension
"GoldWave v5.23" = GoldWave v5.23
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"Half-Life" = Half-Life
"Half-Life Retail Update_is1" = Half-Life Retail Update
"Half-Life Decay PC_is1" = Half-Life Decay PC 1.0
"Hospital" = Theme Hospital
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"Icewind Dale" = Icewind Dale
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InternetPlayer" = InternetPlayer
"Keeper" = Dungeon Keeper Gold
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Maxthon" = Maxthon Browser (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmswitch" = Morgan Stream Switcher
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (" = Mozilla Thunderbird (
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PIG Mod" = PIG Mod
"Power Saver" = TOSHIBA Power Saver
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"RealPlayer 6.0" = RealPlayer
"Replay_AV_807" = Replay AV 8
"RPG Maker 2000 ColumbineRPG" = RPG Maker 2000 - Super Columbine Massacre RPG!
"ShellExView" = ShellExView
"Sierra Utilities" = Sierra Utilities
"smartision ScreenCopy_is1" = smartision ScreenCopy 2.3
"Spotify" = Spotify
"StarCraft" = StarCraft
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build
"Tag&Rename_is1" = Tag&Rename 3.2
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD MPEG-4 Video Codec
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/03/2010 17:23:32 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version, faulting module
skype.exe, version, fault address 0x0024e7ee.

Error - 28/11/2010 10:36:12 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application redsquirrel.exe, version, faulting module
callwin32.dll, version, fault address 0x0000220c.

Error - 28/11/2010 10:53:08 | Computer Name = ROWANTREE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/11/2010 10:53:08 | Computer Name = ROWANTREE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/11/2010 19:01:58 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 28/11/2010 19:02:21 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 28/11/2010 19:03:35 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 09/12/2010 20:57:12 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avisplitter.ax, version, fault address 0x00022e58.

Error - 11/12/2010 08:05:22 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version, faulting module
gcswf32.dll, version, fault address 0x00182c2b.

Error - 19/12/2010 11:05:22 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avisplitter.ax, version, fault address 0x00022e58.

[ System Events ]
Error - 05/01/2011 21:41:28 | Computer Name = ROWANTREE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip Tcpip6 TPwSav

Error - 05/01/2011 21:43:19 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:43:40 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:43:58 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:13 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:39 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:45:28 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

"Start" = 0

"Start" = 2

========== Firewall Settings ==========





"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

"EnableFirewall" = 0
"DisableNotifications" = 0

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"22178:TCP" = 22178:TCP:*:Disabled:BitComet 22178 TCP
"22178:UDP" = 22178:UDP:*:Disabled:BitComet 22178 UDP
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\WINDOWS\inf\explorer.exe" = C:\WINDOWS\inf\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Documents and Settings\George\Application Data\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Heart of Winter
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89C7E2EC-C18B-40D6-BAE0-78DA77F714A7}" = BT Fabric Keyboard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Great Battles of WWII: Stalingrad (Demo)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DC24971E-1946-445D-8A82-CE685433FA7D}" =
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"aviconverter" = AVIConverter 3.0
"camcodec" = CamStudio Lossless Codec
"Coda" = Coda codec pack
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOOM Collector's Edition" = DOOM Collector's Edition
"EA/LimDep" = EA/LimDep
"FileZilla Client" = FileZilla Client
"FLVPlayer" = FLV Player 1.3.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"GMailFS" = GMail Drive Shell Extension
"GoldWave v5.23" = GoldWave v5.23
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"Half-Life" = Half-Life
"Half-Life Retail Update_is1" = Half-Life Retail Update
"Half-Life Decay PC_is1" = Half-Life Decay PC 1.0
"Hospital" = Theme Hospital
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"Icewind Dale" = Icewind Dale
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InternetPlayer" = InternetPlayer
"Keeper" = Dungeon Keeper Gold
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Maxthon" = Maxthon Browser (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmswitch" = Morgan Stream Switcher
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (" = Mozilla Thunderbird (
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PIG Mod" = PIG Mod
"Power Saver" = TOSHIBA Power Saver
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"RealPlayer 6.0" = RealPlayer
"Replay_AV_807" = Replay AV 8
"RPG Maker 2000 ColumbineRPG" = RPG Maker 2000 - Super Columbine Massacre RPG!
"ShellExView" = ShellExView
"Sierra Utilities" = Sierra Utilities
"smartision ScreenCopy_is1" = smartision ScreenCopy 2.3
"Spotify" = Spotify
"StarCraft" = StarCraft
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build
"Tag&Rename_is1" = Tag&Rename 3.2
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD MPEG-4 Video Codec
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/03/2010 17:23:32 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version, faulting module
skype.exe, version, fault address 0x0024e7ee.

Error - 28/11/2010 10:36:12 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application redsquirrel.exe, version, faulting module
callwin32.dll, version, fault address 0x0000220c.

Error - 28/11/2010 10:53:08 | Computer Name = ROWANTREE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/11/2010 10:53:08 | Computer Name = ROWANTREE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/11/2010 19:01:58 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 28/11/2010 19:02:21 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 28/11/2010 19:03:35 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version, faulting module libpacketizer_h264_plugin.dll,
version, fault address 0x00002b43.

Error - 09/12/2010 20:57:12 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avisplitter.ax, version, fault address 0x00022e58.

Error - 11/12/2010 08:05:22 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version, faulting module
gcswf32.dll, version, fault address 0x00182c2b.

Error - 19/12/2010 11:05:22 | Computer Name = ROWANTREE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avisplitter.ax, version, fault address 0x00022e58.

[ System Events ]
Error - 05/01/2011 21:41:28 | Computer Name = ROWANTREE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip Tcpip6 TPwSav

Error - 05/01/2011 21:43:19 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:43:40 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:43:58 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:13 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:29 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:44:39 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/01/2011 21:45:28 | Computer Name = ROWANTREE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

Re: Opera Hijacked

Post by deltalima » January 6th, 2011, 6:18 am

Hi nineinchheel,

382.00 Mb Total Physical Memory

Drive C: | 74.53 Gb Total Space | 0.80 Gb Free Space | 1.08% Space Free

That is a very small amount of RAM and should be increased as soon as possible.

The free space on drive C: needs to be increased to at least 10% urgently.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://search.ebay.co.uk/search/search. ... 7&satitle=%s
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co.uk/search?hl=en&q=%s&btnG=Google+Search&meta=
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi, = http://images.google.com/images?hl=en&q=%s&btnG=Search+Images&gbv=2
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.co.uk/search?hl=en&q=%s&btnG=Google+Search&meta=
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki, = http://www.wikipedia.org/w/wiki.phtml?search=%s
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt, = http://www.youtube.com/results?search_query=%s
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt, = +
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,# = %23
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,% = %25
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,& = %26
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt,+ = %2B
    IE - HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
    O3 - HKU\S-1-5-21-227175942-290336581-80609558-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-227175942-290336581-80609558-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKU\S-1-5-21-227175942-290336581-80609558-1006..\Run: [kcauhgbt] C:\DOCUME~1\George\LOCALS~1\Temp\huelamesu\nvthijelajb.exe File not found
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Before we continue you need to review the data stored on the hard drive and free up some more space.

Next remove Spybot - Search & Destroy then install an antivirus program as per my earlier post.

Please run a full scan with the antivirus program and post the log in your next reply.

Re: Opera Hijacked

Post by nineinchheel » January 6th, 2011, 11:44 am

All processes killed
========== OTL ==========
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\g\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\gi\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\google\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\wiki\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\#| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\%| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\&| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\SearchURL\yt\\+| /E : value set successfully!
HKU\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-227175942-290336581-80609558-1006\Software\Microsoft\Windows\CurrentVersion\Run\\kcauhgbt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: George
->Temp folder emptied: 4024094 bytes
->Temporary Internet Files folder emptied: 1357711 bytes
->Java cache emptied: 67218550 bytes
->FireFox cache emptied: 39999864 bytes
->Google Chrome cache emptied: 119402840 bytes
->Opera cache emptied: 51075933 bytes
->Flash cache emptied: 2164315 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 272.00 mb

OTL by OldTimer - Version log created on 01062011_150337

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Avira AntiVir Personal
Report file date: 06 January 2011 15:42

Scanning for 2330942 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : George
Computer name : ROWANTREE

Version information:

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 06 January 2011 15:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apntex.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'toscdspd.exe' - '1' Module(s) have been scanned
Scan process 'ddwmon.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '2452' files ).

End of the scan: 06 January 2011 15:43
Used time: 01:19 Minute(s)

The scan has been done completely.

0 Scanned directories
2933 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2933 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes

Re: Opera Hijacked

Post by deltalima » January 6th, 2011, 3:10 pm

Hi nineinchheel,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Note – it is vital that you update Windows XP to SP3 and IE to version 8
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Re: Opera Hijacked

Post by nineinchheel » January 6th, 2011, 3:25 pm

I believe it is more than likely that my malware came from some old hard disks of mine I have recently been looking at through a caddy. If I follow your instructions and look at the old hard disks is it likely that I will be protected?

Re: Opera Hijacked

Post by deltalima » January 6th, 2011, 3:27 pm

You will be far better protected than you were, but always proceed with caution and do not execute any files that you do not know.

Re: Opera Hijacked

Post by Cypher » January 7th, 2011, 6:26 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.