Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

freeze.com troubles

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

freeze.com troubles

Unread postby MontyTheSnake » January 16th, 2010, 1:32 am

Recently my brother downloaded some sort of screen saver from my.freeze.com. I tried to delete any files associated with it but I wasn't sure what to delete and what not to so I ended up just uninstalling a freeze.com program and left it that. Unfortunately, this had little effect on my system and my internet connection runs much slower than usual and frequently offers up redirects to results.freeze.com.

Here's my latest HiJack log and uninstall list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:49 PM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Mozilla FirefoxA\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8947606953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5637086015
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c991601fdf2358) (gupdate1c991601fdf2358) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8172 bytes



Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Bonjour
CIF USB Camera
Collab
Compatibility Pack for the 2007 Office system
Data Lifeguard Tools
Dell ResourceCD
DellConnect
Digidesign Shared Plug-Ins 7.0
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dual-Core Optimizer
Echospin Delivery Wizard
Express Burn
Express Rip
Free Mp3 Wma Converter V 1.8.0
GalleryPlayer Images
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Guitar Pro 5.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
InterLok Driver Kit
IrfanView (remove only)
iTunes
Java(TM) 6 Update 12
KhalSetup
K-Lite Codec Pack 4.1.7 (Full)
LAME v3.98.2 for Audacity
Last.fm 1.5.4.24567
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft WSE 3.0 Runtime
Mojo
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Napster for Windows Media Player
Ogg Converter
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
Otto
Palm Desktop
PC Drummer Trial Edition 5.06
Power Tab Editor 1.7
PowerDVD 5.5
QuickTime
RealPlayer
Registry Mechanic 9.0
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Data@
Security Task Manager 1.7g
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius Scorch Plugin
SigmaTel Audio
Skype™ 4.1
Sonic Update Manager
Sony Media Manager 2.0
Spybot - Search & Destroy
Trend Micro PC-cillin Internet Security 12
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
WavePad Uninstall
Windows Easy Transfer
Windows Internet Explorer 8 Release Candidate 1
Windows Live installer
Windows Live Messenger
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Xobni Core
Yahoo! Toolbar
MontyTheSnake
Active Member
 
Posts: 6
Joined: January 16th, 2010, 1:20 am
Advertisement
Register to Remove

Re: freeze.com troubles

Unread postby Carolyn » January 22nd, 2010, 1:11 pm

Hello MontyTheSnake,

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!

Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

===================

Next,

Please Update and Scan with Malwarebytes' Anti-Malware
  1. Launch Malwarebytes' Anti-Malware and select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  2. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  3. Leave the default options as it is and click on Start Scan.
  4. When done, you will be prompted. Click OK, then click on Show Results.
  5. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  6. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Next,
Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the following:
  • The Malwarebytes' log
  • The OTL.txt logfile
  • The Extras.txt logfile
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: freeze.com troubles

Unread postby MontyTheSnake » January 23rd, 2010, 4:24 pm

Thank you for helping Carolyn! I very much appreciate it!

I uninstalled both AVG free and Spybot S&D. I left Malwarebyte's and PC Tools Mechanic. If you need me to remove anymore please let me know!

Here are my logs:

Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

1/23/2010 6:43:33 AM
mbam-log-2010-01-23 (06-43-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 242311
Time elapsed: 1 hour(s), 54 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 1/23/2010 2:13:52 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Cindy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.19 Gb Free Space | 45.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 148.34 Gb Total Space | 97.10 Gb Free Space | 65.45% Space Free | Partition Type: NTFS
Drive F: | 149.75 Gb Total Space | 26.23 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCMARTIN-90C945
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/22 22:48:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
PRC - [2009/12/09 17:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/25 15:42:58 | 03,176,408 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:04 | 10,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/19 16:11:24 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009/02/17 18:30:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/08/21 19:57:14 | 00,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/08 19:06:52 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2006/12/08 19:06:52 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2006/12/08 19:06:48 | 00,823,362 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
PRC - [2006/09/04 20:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe


========== Modules (SafeList) ==========

MOD - [2010/01/22 22:48:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
MOD - [2008/02/05 17:20:30 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XobniService)
SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
SRV - File not found [Disabled | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/23 21:12:10 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe -- (aspnet_state)
SRV - [2009/03/25 23:00:20 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/17 18:30:33 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c991601fdf2358) Google Update Service (gupdate1c991601fdf2358)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/21 16:53:54 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 18:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/13 18:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/02/05 17:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/21 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/08/21 19:57:14 | 00,487,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/01/20 22:18:16 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/12/08 19:06:52 | 00,585,792 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw)
SRV - [2006/12/08 19:06:52 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv)
SRV - [2006/12/08 19:06:52 | 00,262,215 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy)
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/04 20:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/30 17:43:49 | 00,067,424 | ---- | M] (CyberDefender Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAVFS.sys -- (CDAVFS)
DRV - [2008/07/18 18:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (Tmfilter)
DRV - [2008/07/18 18:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (Tmpreflt)
DRV - [2008/07/18 17:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (Vsapint)
DRV - [2008/06/19 15:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/05 16:05:15 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/08 08:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 12:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/05 20:21:48 | 00,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 20:21:37 | 04,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/05 20:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 20:20:40 | 00,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 17:20:08 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 17:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/04 15:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/14 17:07:22 | 00,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCVideo32.sys -- (MusCVideo32)
DRV - [2007/12/14 17:07:20 | 00,513,152 | ---- | M] (Windows (R) 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/25 05:10:18 | 00,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/08/21 20:07:39 | 02,417,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/08 19:06:55 | 01,884,585 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw)
DRV - [2006/12/08 19:06:55 | 00,038,528 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/11/10 12:51:46 | 00,505,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/11/02 06:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/05/24 23:53:06 | 00,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 08:56:54 | 00,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 08:56:50 | 00,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/10 08:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/12/22 10:34:00 | 00,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/11/18 12:02:50 | 00,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 00,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/14 17:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/13 15:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/08/20 13:00:00 | 00,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.google.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 21 A8 50 3A 93 CA 01 [binary data]
IE - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\S-1-5-21-854245398-1214440339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\S-1-5-21-854245398-1214440339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {336dc353-5272-420c-84e7-ba1f3c9c2aeb}:1.300.273
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}:4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=60459&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla FirefoxA\components [2010/01/12 00:37:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla FirefoxA\plugins [2010/01/16 15:00:43 | 00,000,000 | ---D | M]

[2009/02/07 23:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Extensions
[2009/02/07 23:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/23 08:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions
[2009/09/16 20:33:11 | 00,000,000 | ---D | M] (Causes) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\{336dc353-5272-420c-84e7-ba1f3c9c2aeb}
[2009/01/15 11:40:17 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/28 18:14:57 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/14 09:13:49 | 00,000,000 | ---D | M] (Freeze Toolbar) -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}
[2009/04/02 18:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\moveplayer@movenetworks.com
[2009/07/28 16:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\support@ancestry.com
[2008/05/25 16:59:21 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\searchplugins\aimsearch.xml

O1 HOSTS File: ([2010/01/09 17:13:36 | 00,363,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 http://www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 http://www.123simsen.com
O1 - Hosts: 127.0.0.1 123simsen.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 12514 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003..\Run: [Google Update] C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O9 - Extra Button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-854245398-1214440339-1801674531-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8947606953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5637086015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 16:25:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 22:47:59 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
[2010/01/22 11:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\My Documents\My Received Podcasts
[2010/01/22 11:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\iPodder
[2010/01/22 11:15:54 | 00,000,000 | ---D | C] -- C:\Program Files\Juice
[2010/01/21 16:30:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/21 16:30:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/21 16:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/21 16:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/16 16:11:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\My Games
[2010/01/16 15:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2010/01/15 21:55:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Cindy\Recent
[2010/01/12 22:01:04 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 21:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/01/11 21:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Napster
[2010/01/07 21:40:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cindy\Application Data\MSNInstaller
[2010/01/07 21:01:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/07 20:53:11 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/18 08:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/17 18:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/30 13:37:10 | 01,694,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2008/05/30 13:35:56 | 00,097,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2008/05/30 13:34:50 | 00,528,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 14:20:00 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/23 13:26:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1214440339-1801674531-1003UA.job
[2010/01/23 09:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/23 03:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/23 01:47:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5b909d3adea.job
[2010/01/22 23:15:26 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/22 22:48:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cindy\Desktop\OTL.exe
[2010/01/22 21:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/22 21:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 15:26:01 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1214440339-1801674531-1003Core.job
[2010/01/22 15:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/22 11:15:59 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Juice.lnk
[2010/01/22 11:06:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 11:02:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 11:02:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 11:02:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/22 11:02:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/01/22 11:01:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Cindy\ntuser.ini
[2010/01/22 11:01:32 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Cindy\NTUSER.DAT
[2010/01/22 09:23:57 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Microsoft Office Word 2003.lnk
[2010/01/21 15:22:42 | 00,002,294 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Google Chrome.lnk
[2010/01/21 08:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/19 11:58:43 | 00,458,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/19 11:58:43 | 00,077,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/18 18:59:15 | 01,320,020 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Julie's Dance Attack.mp3
[2010/01/16 15:46:55 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/01/16 15:00:44 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/15 23:23:12 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\HijackThis.lnk
[2010/01/13 20:32:55 | 00,111,104 | ---- | M] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 22:49:13 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 03:52:04 | 00,000,284 | ---- | M] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to Expansion (E).lnk
[2010/01/10 09:27:18 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/01/09 17:13:36 | 00,363,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/07 20:54:07 | 00,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/22 11:15:55 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Juice.lnk
[2010/01/21 15:22:42 | 00,002,294 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Google Chrome.lnk
[2010/01/21 15:21:59 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1214440339-1801674531-1003UA.job
[2010/01/21 15:21:58 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1214440339-1801674531-1003Core.job
[2010/01/18 11:14:03 | 01,320,020 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Julie's Dance Attack.mp3
[2010/01/16 15:46:55 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/01/16 15:00:44 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/15 23:23:12 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\HijackThis.lnk
[2010/01/15 21:26:39 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/15 21:26:38 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/15 21:26:38 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/15 21:26:38 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/15 21:26:37 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/12 03:52:04 | 00,000,284 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Shortcut to Expansion (E).lnk
[2010/01/09 22:24:33 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Cindy\Desktop\Palm Desktop.lnk
[2010/01/07 21:04:07 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/07 20:54:07 | 00,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/12/14 09:14:52 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\xobni_installer_updater.log
[2009/08/09 12:06:07 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\msadio.dll
[2009/01/06 17:53:10 | 00,000,026 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/12/21 22:51:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/21 22:50:59 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/30 17:44:41 | 00,000,064 | ---- | C] () -- C:\WINDOWS\av_affiliate.ini
[2008/11/30 17:44:39 | 00,000,064 | ---- | C] () -- C:\WINDOWS\as_affiliate.ini
[2008/11/28 12:28:39 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/28 12:28:38 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/28 12:28:35 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/28 12:28:35 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/28 12:28:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 12:28:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 10:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/26 13:00:50 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/20 20:42:06 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/09/07 21:07:33 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/07/23 10:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/05 16:05:14 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/30 13:38:30 | 01,158,739 | ---- | C] () -- C:\Program Files\BDANT.cab
[2008/05/30 13:38:30 | 01,130,465 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2008/05/30 13:38:30 | 01,118,469 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2008/05/30 13:38:30 | 01,087,968 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2008/05/30 13:38:30 | 01,082,704 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2008/05/30 13:38:30 | 01,082,210 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2008/05/30 13:38:28 | 01,080,892 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2008/05/30 13:38:26 | 01,068,173 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2008/05/30 13:38:26 | 01,016,473 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2008/05/30 13:38:26 | 00,978,396 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2008/05/30 13:38:26 | 00,919,678 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2008/05/30 13:38:26 | 00,867,848 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2008/05/30 13:38:26 | 00,855,534 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2008/05/30 13:38:24 | 00,871,076 | ---- | C] () -- C:\Program Files\Jun2008_d3dx10_38_x64.cab
[2008/05/30 13:38:24 | 00,853,167 | ---- | C] () -- C:\Program Files\Jun2008_d3dx10_38_x86.cab
[2008/05/30 13:38:24 | 00,848,132 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2008/05/30 13:38:24 | 00,807,132 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2008/05/30 13:38:24 | 00,702,292 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2008/05/30 13:38:22 | 00,821,508 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2008/05/30 13:38:22 | 00,800,115 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2008/05/30 13:38:22 | 00,701,860 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2008/05/30 13:38:20 | 00,701,720 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2008/05/30 13:38:18 | 00,272,876 | ---- | C] () -- C:\Program Files\Jun2008_XAudio_x64.cab
[2008/05/30 13:38:16 | 00,699,113 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2008/05/30 13:38:16 | 00,254,442 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2008/05/30 13:38:14 | 00,272,272 | ---- | C] () -- C:\Program Files\Jun2008_XAudio_x86.cab
[2008/05/30 13:38:14 | 00,229,498 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2008/05/30 13:38:14 | 00,216,055 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2008/05/30 13:38:12 | 00,201,344 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,200,370 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,200,010 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2008/05/30 13:38:12 | 00,197,923 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2008/05/30 13:38:10 | 00,186,151 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2008/05/30 13:38:10 | 00,185,609 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2008/05/30 13:38:08 | 00,199,014 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2008/05/30 13:38:08 | 00,194,968 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2008/05/30 13:38:06 | 00,195,723 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2008/05/30 13:38:06 | 00,184,033 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,182,381 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,181,607 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2008/05/30 13:38:04 | 00,156,157 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2008/05/30 13:38:04 | 00,151,512 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2008/05/30 13:38:04 | 00,151,231 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2008/05/30 13:38:02 | 00,156,260 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2008/05/30 13:38:00 | 00,154,473 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2008/05/30 13:38:00 | 00,136,351 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2008/05/30 13:37:58 | 00,148,847 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2008/05/30 13:37:58 | 00,135,657 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,141,265 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,140,483 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2008/05/30 13:37:56 | 00,136,919 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2008/05/30 13:37:54 | 00,056,550 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2008/05/30 13:37:52 | 00,125,584 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2008/05/30 13:37:52 | 00,124,302 | ---- | C] () -- C:\Program Files\Jun2008_XACT_x64.cab
[2008/05/30 13:37:52 | 00,100,065 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2008/05/30 13:37:52 | 00,058,402 | ---- | C] () -- C:\Program Files\Jun2008_X3DAudio_x64.cab
[2008/05/30 13:37:52 | 00,049,306 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2008/05/30 13:37:50 | 00,058,306 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2008/05/30 13:37:50 | 00,025,153 | ---- | C] () -- C:\Program Files\Jun2008_X3DAudio_x86.cab
[2008/05/30 13:37:48 | 00,097,916 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2008/05/30 13:37:48 | 00,049,258 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2008/05/30 13:37:48 | 00,048,607 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2008/05/30 13:37:46 | 00,090,390 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2008/05/30 13:37:46 | 00,090,349 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2008/05/30 13:37:46 | 00,047,700 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2008/05/30 13:37:44 | 00,049,392 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2008/05/30 13:37:42 | 00,096,982 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2008/05/30 13:37:42 | 00,096,376 | ---- | C] () -- C:\Program Files\Jun2008_XACT_x86.cab
[2008/05/30 13:37:42 | 00,089,285 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2008/05/30 13:37:42 | 00,025,115 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2008/05/30 13:37:42 | 00,021,744 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2008/05/30 13:36:04 | 13,267,416 | ---- | C] () -- C:\Program Files\dxnt.cab
[2008/05/30 13:36:02 | 04,165,878 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2008/05/30 13:36:02 | 01,805,306 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2008/05/30 13:36:00 | 01,803,408 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2008/05/30 13:35:56 | 01,795,856 | ---- | C] () -- C:\Program Files\Jun2008_d3dx9_38_x64.cab
[2008/05/30 13:35:56 | 01,773,110 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2008/05/30 13:35:56 | 01,712,608 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2008/05/30 13:35:56 | 01,711,400 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2008/05/30 13:35:56 | 01,611,022 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2008/05/30 13:35:56 | 01,610,606 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2008/05/30 13:35:56 | 01,610,534 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2008/05/30 13:35:56 | 01,609,287 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2008/05/30 13:35:56 | 01,577,624 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2008/05/30 13:35:56 | 01,574,402 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2008/05/30 13:35:56 | 01,467,126 | ---- | C] () -- C:\Program Files\Jun2008_d3dx9_38_x86.cab
[2008/05/30 13:35:56 | 01,446,530 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2008/05/30 13:35:56 | 01,416,150 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2008/05/30 13:35:56 | 01,401,078 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2008/05/30 13:35:56 | 01,361,224 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2008/05/30 13:35:56 | 01,339,250 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2008/05/30 13:35:54 | 01,366,044 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2008/05/30 13:35:54 | 01,353,790 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2008/05/30 13:35:54 | 01,350,602 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2008/05/30 13:35:54 | 01,250,747 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2008/05/01 18:07:54 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\fusioncache.dat
[2008/04/14 21:24:26 | 00,000,038 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008/03/30 21:27:57 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2008/02/05 17:20:08 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/15 08:31:51 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/01/04 19:16:11 | 00,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/01/04 19:15:30 | 00,000,206 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/12/11 18:19:43 | 00,111,104 | ---- | C] () -- C:\Documents and Settings\Cindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/01 20:47:09 | 00,009,770 | ---- | C] () -- C:\WINDOWS\MediaShout 3.ini
[2007/11/13 22:24:52 | 00,001,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/05/02 18:53:46 | 00,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2007/04/15 13:09:29 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/03/22 21:29:03 | 00,000,250 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007/03/17 15:31:06 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/03/17 15:31:06 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/03/17 15:30:32 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/03/17 15:30:32 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/03/17 15:30:29 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/02/25 19:56:55 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/02/06 16:59:12 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Cindy\Application Data\WavCodec.wff
[2007/02/04 11:42:35 | 00,002,919 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/22 15:15:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/20 21:00:17 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/20 21:00:17 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\808A268AF2.sys
[2007/01/07 08:01:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/08 17:48:49 | 00,000,600 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 08:30:24 | 00,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/21 08:30:12 | 02,287,458 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/21 08:28:42 | 00,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/06/01 08:39:30 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG22.dll
[2006/06/01 08:39:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG22.dll
[2006/06/01 08:38:36 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG2KRN2.dll
[2006/05/31 09:52:54 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG2KRN2.dll
[2006/05/28 16:31:26 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\LEncMPG4Krn.dll
[2006/05/23 06:35:22 | 01,814,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15_n.dll
[2005/11/28 18:11:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/17 11:57:30 | 00,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2004/10/05 16:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/08/10 05:00:00 | 00,026,156 | ---- | C] () -- C:\WINDOWS\System32\aanjda.dll
[2004/08/09 22:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/01 13:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 13:01:50 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/30 21:29:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/18 20:56:54 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
[1998/03/22 12:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 1/23/2010 2:13:52 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Cindy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.19 Gb Free Space | 45.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 148.34 Gb Total Space | 97.10 Gb Free Space | 65.45% Space Free | Partition Type: NTFS
Drive F: | 149.75 Gb Total Space | 26.23 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCMARTIN-90C945
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla FirefoxA\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla FirefoxA\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"E:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = E:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- File not found
"C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe" = C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe:*:Enabled:Tmntsrv -- (Trend Micro Incorporated.)
"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" = C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe:*:Enabled:aawservice -- File not found
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\ComboFix\fdsv.cfexe" = C:\ComboFix\fdsv.cfexe:*:Enabled:fdsv -- File not found
"C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe" = C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe:*:Enabled:COCIManager -- (Logitech Inc.)
"C:\Documents and Settings\Cindy\Desktop\uTorrent.exe" = C:\Documents and Settings\Cindy\Desktop\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Deusty\Mojo\Mojo.exe" = C:\Program Files\Deusty\Mojo\Mojo.exe:*:Enabled:Mojo -- (Deusty)
"C:\Program Files\RadioRipper\RadioRipper.exe" = C:\Program Files\RadioRipper\RadioRipper.exe:*:Enabled:RadioRipper -- File not found
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"E:\Program Files\SwgClient_r.exe" = E:\Program Files\SwgClient_r.exe:*:Enabled:SwgClient_r -- File not found
"E:\Program Files\Steam\SteamApps\macamania\half-life 2 deathmatch\hl2.exe" = E:\Program Files\Steam\SteamApps\macamania\half-life 2 deathmatch\hl2.exe:*:Disabled:hl2 -- File not found
"C:\Program Files\Mozilla Firefox\abcd.exe" = C:\Program Files\Mozilla Firefox\abcd.exe:*:Enabled:Firefox -- File not found
"C:\Program Files\Mozilla FirefoxA\firefox.exe" = C:\Program Files\Mozilla FirefoxA\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Nakido\nakido.exe" = C:\Program Files\Nakido\nakido.exe:*:Enabled:Nakido -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Program Files\Rise of Nations\rise.exe" = E:\Program Files\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Documents and Settings\Cindy\Desktop\Skype.exe" = C:\Documents and Settings\Cindy\Desktop\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data@
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{372B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3D83F6A1-A01B-4677-925C-DBBDB6478FA1}" = MediaShout 3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6CFB4CA5-782E-4606-A9FE-C39F301CF9DA}" = InterLok Driver Kit
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C21B002-1B63-4973-9E0D-884929032D7B}" = MediaShout3 Update 626
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9B52B30C-F65C-4244-ABCE-215E46E27AF0}" = Palm Desktop
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA63780B-DDB7-417b-8A13-E5AFBE08E807}" =
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5352DA-F4F2-4A59-A1BF-41546342746B}" = CyberDefender Early Detection Center
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}" = Sony Media Manager 2.0
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Collab" = Collab
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"esClient" = Echospin Delivery Wizard
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"GalleryPlayer Images" = GalleryPlayer Images
"GoldWave v5.25" = GoldWave v5.25
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"Juice" = Juice 2.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Converter" = Ogg Converter
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PC_Drummer_Trial_500" = PC Drummer Trial Edition 5.06
"PopupPopper" = Bayden PopupPopper (remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Security Task Manager" = Security Task Manager 1.7g
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFlyer32.dll" = WinFlyer
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Timesendshow" = CiD Help
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2010 11:16:23 AM | Computer Name = MCMARTIN-90C945 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.2.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 11:19:16 AM | Computer Name = MCMARTIN-90C945 | Source = MSMQ | ID = 2020
Description = The administration queue cannot be initialized. Please verify that
the admin_queue$ queue exists in the Private Queues container under Message Queuing
in Computer Management. If this queue is absent, you must uninstall and reinstall
Message Queuing.

Error - 1/22/2010 11:19:16 AM | Computer Name = MCMARTIN-90C945 | Source = MSMQ | ID = 2052
Description = The ordering queue cannot be initialized. Please verify that the order_queue$
queue exists in the Private Queues container under Message Queuing in Computer
Management. If this queue is absent, you must uninstall and reinstall Message Queuing.

Error - 1/22/2010 1:02:47 PM | Computer Name = MCMARTIN-90C945 | Source = MSMQ | ID = 2020
Description = The administration queue cannot be initialized. Please verify that
the admin_queue$ queue exists in the Private Queues container under Message Queuing
in Computer Management. If this queue is absent, you must uninstall and reinstall
Message Queuing.

Error - 1/22/2010 1:02:47 PM | Computer Name = MCMARTIN-90C945 | Source = MSMQ | ID = 2052
Description = The ordering queue cannot be initialized. Please verify that the order_queue$
queue exists in the Private Queues container under Message Queuing in Computer
Management. If this queue is absent, you must uninstall and reinstall Message Queuing.

Error - 1/22/2010 1:14:30 PM | Computer Name = MCMARTIN-90C945 | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp

Error - 1/23/2010 1:24:24 AM | Computer Name = MCMARTIN-90C945 | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.70.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2010 1:24:53 AM | Computer Name = MCMARTIN-90C945 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2010 1:31:20 AM | Computer Name = MCMARTIN-90C945 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/23/2010 1:31:20 AM | Computer Name = MCMARTIN-90C945 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 1/20/2010 10:58:14 PM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/20/2010 11:37:45 PM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/20/2010 11:38:31 PM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/21/2010 12:33:46 AM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/22/2010 11:13:17 AM | Computer Name = MCMARTIN-90C945 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 1/22/2010 11:18:26 AM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/22/2010 11:19:41 AM | Computer Name = MCMARTIN-90C945 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%0

Error - 1/22/2010 11:26:35 AM | Computer Name = MCMARTIN-90C945 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 1/22/2010 1:02:46 PM | Computer Name = MCMARTIN-90C945 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/22/2010 1:02:51 PM | Computer Name = MCMARTIN-90C945 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%0


< End of report >
MontyTheSnake
Active Member
 
Posts: 6
Joined: January 16th, 2010, 1:20 am

Re: freeze.com troubles

Unread postby Carolyn » January 24th, 2010, 3:57 pm

Hello MontyTheSnake,

Registry Cleaners

Regarding Registry Mechanic Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

===================


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERUNT.exe

===================

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :OTL
    DRV - [2008/06/19 15:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\ComboFix\fdsv.cfexe" =-
    "C:\Documents and Settings\Cindy\Desktop\uTorrent.exe" =-
    "C:\Program Files\Mozilla Firefox\abcd.exe" =-
    
    :Commands
    [emptytemp]
    [Reboot]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

===================

You have CD Emulation software that we need to disable until you are clean, as it is known to interfere with our tools.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

===================

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

===================

In your next reply, please post:

  1. The OTL log
  2. Gmer.txt
  3. please let me know if you are being redirected to any sites other than freeze.com
  4. also, please tell me if the redirects happen with both IE and Firefox
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: freeze.com troubles

Unread postby MontyTheSnake » January 25th, 2010, 3:58 pm

Thank you for the advice on registry programs. I will discontinue my use of it.

I checked to see if I was still getting re-directs of any sort with both firefox and internet explorer and I haven't gotten any so that is good news!

I had a problem with GMER. Once the scan finished, the window closed without giving me the opportunity to hit SAVE so I do NOT have a logfile for it. I ran the program over night and when I woke up it was no longer on my desktop.

Before I began receiving help from this forum I had downloaded Google Chrome and was using it instead of FireFox. The other night I was accessing malwareremoval.com and suddenly the browser crashed and warning signs popped up all over my screen saying I was infected. I had never seen this before so I immediately rebooted in safe mode and ran malwarebyte's. I know it isn't generally approved to run a scan without you saying to do so... so I am very sorry but I didn't feel I could access the internet safely without running the scan. I will post the malwarebyte's log along with the OTL text file you asked for. Do you want me to run GMER again or would that be pointless?

Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

1/24/2010 5:23:30 PM
mbam-log-2010-01-24 (17-23-16).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 243214
Time elapsed: 1 hour(s), 29 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\7JUGDNRQ\SetupIS2010[1].exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP1090\A0164205.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
C:\Documents and Settings\Cindy\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> No action taken.



All processes killed
========== OTL ==========
Service pavboot stopped successfully!
Service pavboot deleted successfully!
C:\WINDOWS\system32\drivers\pavboot.sys moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ComboFix\fdsv.cfexe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Cindy\Desktop\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\abcd.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cindy
->Temp folder emptied: 14077896 bytes
->Temporary Internet Files folder emptied: 19533146 bytes
->Java cache emptied: 19921732 bytes
->FireFox cache emptied: 53884201 bytes
->Google Chrome cache emptied: 230532995 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 9237009 bytes
%systemroot%\System32\dllcache .tmp files removed: 26331240 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107486 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23902682 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 151374 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 379.00 mb


OTL by OldTimer - Version 3.1.26.0 log created on 01242010_233127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
MontyTheSnake
Active Member
 
Posts: 6
Joined: January 16th, 2010, 1:20 am

Re: freeze.com troubles

Unread postby Carolyn » January 26th, 2010, 3:41 pm

Hi MontyTheSnake,

Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 17.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • From your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

Next,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a description of how your computer is now running.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: freeze.com troubles

Unread postby MontyTheSnake » January 26th, 2010, 10:54 pm

My computer's performance seems to be just fine. I haven't had any re-directs in awhile and everything seems to be running smoothly. Here is my Kaspersky scan:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, January 26, 2010 20:24:32
Records in database: 3373978
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 120974
Threats found: 3
Infected objects found: 5
Suspicious objects found: 2
Scan duration: 03:14:10


File name / Threat / Threats count
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13E.tmp Infected: Trojan.Win32.Agent.amp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25F.tmp Infected: Trojan.Win32.Agent.amp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2D0.tmp Infected: Trojan.Win32.Agent.amp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3CF.tmp Infected: Trojan.Win32.Agent.amp 1
C:\Program Files\Trend Micro\Internet Security 12\VSSCUHJV.026 Suspicious: Type_Win32 1
C:\Program Files\Trend Micro\Internet Security 12\VSSIF33F.00I Suspicious: Type_Win32 1
C:\WINDOWS\system32\drivers\GEARAspiWDM.sys Infected: Rootkit.Win32.ZAccess.hd 1

Selected area has been scanned.
MontyTheSnake
Active Member
 
Posts: 6
Joined: January 16th, 2010, 1:20 am

Re: freeze.com troubles

Unread postby Carolyn » January 28th, 2010, 11:46 am

Hi MontyTheSnake,

Please download the latest version of IE8 from the Microsoft website. Do not install it yet

Next,

Please Click Start > Control Panel > Add/Remove Programs
Remove this program by clicking Remove

Windows Internet Explorer 8 Release Candidate 1

Now, please run the IE 8 installation program that you downloaded earlier.

=======================

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

=======================

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

CleanUp! with OTL
  • Double click OTL.exe to launch the program.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTL
  • The tool will delete itself once it finishes, if not delete it by yourself.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once,and not on a regular basis


  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: freeze.com troubles

Unread postby MontyTheSnake » January 28th, 2010, 8:43 pm

The only problem I am having is updating IE8. Whenever I try to remove Windows Internet Explorer 8 Release Candidate 1 from the add/remove programs list the computer goes to a blue screen telling me that it has encountered a critical area and had to shut down. I never use Internet Explorer anyway so I don't know how big of a deal this is.

Otherwise, everything is running very smoothly! Thank you for the instructions on how to keep my PC clean!

I appreciate your help!
MontyTheSnake
Active Member
 
Posts: 6
Joined: January 16th, 2010, 1:20 am

Re: freeze.com troubles

Unread postby Carolyn » January 29th, 2010, 9:30 am

If you installed XP SP3 after IE8 RC1 was installed, then the program may be "locked in".

http://news.softpedia.com/news/IE8-RC1- ... 3036.shtml

If that is the case, then you would need to uninstall SP3 before uninstalling IE8. Then SP3 can be reinstalled prior to installing the current version of IE8.

Please see below forums for general troubleshooting of computers, and post there if you need help uninstalling IE8 RC1:

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/

=================

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 43 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware