Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I've got something but I don't know what - HELP!


Re: I've got something but I don't know what - HELP!

Post by jkgolden » April 5th, 2010, 10:24 pm

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3958

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/5/2010 10:12:50 PM
mbam-log-2010-04-05 (22-12-50).txt

Scan type: Quick scan
Objects scanned: 142799
Time elapsed: 28 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Update:
Malwarebytes installed and updated through regular update option.
Still cannot directly connect to malwarebytes.org or update.microsoft.com
Popup still comes up a couple of times per day
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Post by Cypher » April 6th, 2010, 4:52 am

Hi jkgolden.
Are your searches still being redirected?

Download HostsXpert and unzip it to your computer, somewhere where you can find it but don't run it yet.


    Next.

    Re-run OTM
    • Double-click OTM.exe to run it.
    • Right-click, then copy the following code. Do not include the word Code.
      :Files
      C:\WINDOWS\system32\drivers\etc\hosts
      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]
      

      • Return to OTM, right-click then paste the code into the blank box below Image
      • Push the large Image button.
      • OTM may ask to reboot the machine. Please do so if asked.
      • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Next.


    • Double click on HostsXpert.exe to launch the programme.
    • When prompted with:
      HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
    • Select OK.
    • Check to see if top button on left hand side says Make Writable?
      • If it does, click on it, then proceed to the next instruction.
      • If not, just proceed to the next instruction.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition
    • When prompted to confirm, click OK.
    • Click on the Download button (lower left hand side)
      • Click on MVPs Hosts... button.
      • Click on Replace button.
      • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
    • When finished.
      • Click on File Handling button.
      • Click on Make Read Only? to secure it against infection.
    • Exit the programme.

    Next.

    MBR Rootkit Detector:

    Please download MBR Rootkit Detector by GMER and save it to your desktop.

    • Double click on the MBR.exe file to run it.
    • A window will open briefly then close.
    • A log will be produced & saved to the desktop, called MBR.log.
    • Please post the contents of that log in your next reply.



    Logs/Information to Post in your Next Reply

    • OTM log.
    • MBR.log
    • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
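The OTM and HostsXpert steps above move the current hosts file aside and put a clean, read-only one in its place. A hijacked hosts file is a common cause of the symptom jkgolden reports (vendor and update sites unreachable while everything else works), so it is worth being able to see the problem in the file rather than only fixing it blind. The script below is an added example written for this thread, not part of the original post and not code from OTM, HostsXpert or MalwareRemoval.com. It parses a hosts file, flags any mapping that blackholes or redirects a protected security-vendor or update domain, and can be pointed at the live file (the `%SystemRoot%\System32\drivers\etc\hosts` path is the one named in the OTM script above). The sample hosts file, the `PROTECTED_SUFFIXES` list and the 192.0.2.10 address are constructed for the example.

```python
import ipaddress
import os

# Constructed sample of a tampered Windows hosts file (example input, not the
# one from this thread). The vendor names are the ones jkgolden could not
# reach; 192.0.2.10 is a documentation (TEST-NET-1) address standing in for
# an attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       malwarebytes.org
0.0.0.0         update.microsoft.com
192.0.2.10      windowsupdate.microsoft.com  # constructed redirect
127.0.0.1       ads.example.net              # blocklist-style entry, not flagged
"""

# Domains that should never be overridden by a local hosts entry. This list is
# a constructed starting point (vendor names from the thread plus a few more);
# a real deployment would carry the vendors it actually relies on.
PROTECTED_SUFFIXES = (
    "malwarebytes.org",
    "microsoft.com",
    "windowsupdate.com",
    "gmer.net",
    "kaspersky.com",
)

# Path of the live hosts file on Windows; on other systems it simply won't exist.
WINDOWS_HOSTS_PATH = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each mapping; comments and blanks skipped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # malformed line, nothing to map
        ip = fields[0]
        for host in fields[1:]:                  # one IP may carry several names
            yield ip, host.lower(), line_no


def is_protected(host):
    """True if host is one of the protected domains or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return findings for entries that blackhole or redirect protected domains."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if host == "localhost" or not is_protected(host):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            kind = "unparseable address"
        else:
            if addr.is_loopback or addr.is_unspecified:
                kind = "blackholed"              # 127.x / 0.0.0.0: lookups silently fail
            else:
                kind = f"redirected to {ip}"     # traffic sent to a third party
        findings.append({"line": line_no, "host": host, "ip": ip, "kind": kind})
    return findings


def audit_file(path=WINDOWS_HOSTS_PATH):
    """Audit a hosts file on disk; returns [] if the file does not exist."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

A loopback or 0.0.0.0 mapping for a vendor domain explains "cannot connect" with no error beyond a timeout, which matches the symptom in this thread; a mapping to a routable address is the more serious case, because update traffic is then handed to whoever owns that address. Ordinary blocklist-style entries for advertising hosts are deliberately left alone, since the check is about which names are overridden, not about the hosts file having entries at all.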

Re: I've got something but I don't know what - HELP!

Post by jkgolden » April 6th, 2010, 10:14 pm

Update: same as before


OTM log:

All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 163890 bytes
->Temporary Internet Files folder emptied: 1593291 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 722 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Maddie
->Temp folder emptied: 30894 bytes
->Temporary Internet Files folder emptied: 29673731 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5921 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pam
->Temp folder emptied: 24850 bytes
->Temporary Internet Files folder emptied: 35442185 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1699 bytes

User: Pamela
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sean
->Temp folder emptied: 26266 bytes
->Temporary Internet Files folder emptied: 323803627 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2850 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 373.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04062010_213713

Files moved on Reboot...
C:\Documents and Settings\John\Local Settings\Temp\~DFB11D.tmp moved successfully.
C:\Documents and Settings\John\Local Settings\Temp\~DFD904.tmp moved successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\R33AKH3R\viewtopic[1].htm moved successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

=======================

mbr log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Post by Cypher » April 7th, 2010, 5:39 am

Hi jkgolden.
Whatever is causing this is hiding pretty well.
You didn't answer my question: are your searches still being redirected?
We need to run ComboFix again.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    DeQuarantine::
    C:\qoobox\quarantine\c:\windows\AppPatch\AcAdProc.dll.vir
    Quit::
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Next.

I see you have CCleaner installed, please run it now.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!


Next.

Please disable Kaspersky Internet Security as it will interfere with the scan below.
Don't forget to re-enable it after the scan.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.



Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Kaspersky log.
  • Please give me an update on your computer's performance: are your searches still redirected?
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
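The CFScript run above produces a fresh ComboFix log, and the part of that log a helper reads most closely is the "Reg Loading Points" section: a REGEDIT4-style dump of Run keys, Security Center monitoring flags and the XP firewall policy. The script below is an added example for this thread, not part of the post and not ComboFix's own code. It parses that section and flags the things a malware-removal volunteer would want to question: Run entries whose target file is missing (ComboFix marks these `[X]`), the standard firewall profile being disabled, ports opened globally, and Security Center monitoring turned off for an antivirus product. The sample input is constructed in the layout of the log jkgolden posts later in the thread, and the `triage` rules are this example's own, not a ComboFix feature.

```python
import re

# Constructed excerpt in the layout of ComboFix's "Reg Loading Points"
# section. Keys and values follow the ones in jkgolden's log, including the
# Startup-folder listing ComboFix interleaves between registry keys; this is
# sample input for the parser, not the log itself.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-29 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_loading_points(text):
    """Return {registry key: [(value name, value data), ...]}.

    A line that is neither a [key] header nor a "name"=data pair (for example
    the Startup folder listing) ends the current key, so stray lines are never
    attributed to the wrong key.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group("name"), m.group("value").strip()))
        else:
            current = None
    return entries


def triage(entries):
    """Flag loading points a malware-removal helper would want to question."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        for name, value in values:
            n = name.lower()
            if k.endswith("currentversion\\run") and value.endswith("[X]"):
                # ComboFix marks Run entries whose target file is missing with [X]
                findings.append(f"orphaned Run entry {name!r}: target missing ({value})")
            elif (k.endswith("firewallpolicy\\standardprofile")
                  and n == "enablefirewall" and value.startswith("0")):
                findings.append("Windows Firewall is disabled for the standard profile")
            elif k.endswith("globallyopenports\\list"):
                findings.append(f"port {name} is open in the standard firewall profile")
            elif ("security center\\monitoring" in k
                  and n == "disablemonitoring" and value.endswith("1")):
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring is disabled for {product}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_loading_points(SAMPLE_REG)):
        print("-", line)
```

Each finding is a question for the machine's owner rather than a verdict: an orphaned Run entry is often just a leftover from an uninstalled program, and a third-party suite that reports to Security Center itself will commonly set `DisableMonitoring`. A disabled firewall profile and a globally open 3389/TCP (Remote Desktop) on a home XP machine are the two that most need an explanation, because they widen exposure regardless of whether any infection remains.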

Re: I've got something but I don't know what - HELP!

Post by jkgolden » April 8th, 2010, 7:01 pm

Note: Kaspersky online scan is being updated/changed and is temporarily unavailable.
I have run full, quick, & object scans with the latest updates with my installed version and found nothing.

Status:
I still cannot connect to windows update and at least once a day get a "security" popup.
I haven't searched for much so have not noticed any search redirects.

CCleaner log:

CLEANING COMPLETE - (24.116 secs)
------------------------------------------------------------------------------------------
1.10MB removed.
Secure file deletion enabled - Gutmann (35 passes)
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (121 files) 1.06MB
C:\Documents and Settings\John\Cookies\john@h.msn[2].txt 74 bytes
C:\Documents and Settings\John\Cookies\john@malwareremoval[2].txt 288 bytes
C:\Documents and Settings\John\Cookies\john@atdmt[1].txt 357 bytes
Marked for deletion: C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\John\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012010040820100409\index.dat
C:\WINDOWS\TEMP\WGAErrLog.txt 483 bytes
C:\Documents and Settings\John\Local Settings\Temp\MAR2.tmp 1.31KB
C:\Documents and Settings\John\Local Settings\Temp\MAR3.tmp 1.25KB
C:\Documents and Settings\John\Local Settings\Temp\MARC4.tmp 1.31KB
C:\Documents and Settings\John\Local Settings\Temp\MARC5.tmp 1.25KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 1.52KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 17.10KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 1.86KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 201 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 10.73KB
C:\Documents and Settings\John\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml 2.13KB
------------------------------------------------------------------------------------------

Combofix log:

ComboFix 10-04-03.02 - John 04/08/2010 0:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.577 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\Cypher.com
Command switches used :: c:\docume~1\John\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-06 01:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 01:40 . 2010-04-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 01:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 21:59 . 2010-04-02 21:59 -------- d-----w- C:\_OTM
2010-04-02 21:58 . 2010-04-02 21:59 -------- d-----w- c:\program files\ERUNT
2010-04-02 10:42 . 2010-04-02 10:42 -------- d-----w- C:\rsit
2010-04-01 16:33 . 2010-04-01 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-01 03:36 . 2010-04-01 03:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-29 20:23 . 2010-03-29 20:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-29 19:34 . 2010-03-29 19:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-29 19:31 . 2010-03-29 19:31 -------- d-----w- c:\program files\IE8
2010-03-29 19:31 . 2010-03-29 19:31 -------- d-----w- c:\program files\Lavasoft
2010-03-28 20:28 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-28 20:28 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-28 20:24 . 2010-03-29 19:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-28 20:24 . 2010-03-29 19:32 -------- d-----w- c:\program files\Spyware Doctor
2010-03-28 20:22 . 2010-03-29 18:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-28 20:07 . 2010-03-29 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-28 19:07 . 2010-03-29 19:32 -------- d-----w- C:\SDFix
2010-03-26 20:19 . 2010-03-26 20:19 -------- d-----w- c:\documents and settings\Maddie\IECompatCache
2010-03-26 20:19 . 2010-03-26 20:19 -------- d-sh--w- c:\documents and settings\Maddie\PrivacIE
2010-03-26 20:16 . 2010-03-26 20:16 -------- d-sh--w- c:\documents and settings\Maddie\IETldCache
2010-03-26 15:44 . 2010-03-26 15:44 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2010-03-26 15:42 . 2010-03-26 15:42 -------- d-sh--w- c:\documents and settings\Sean\PrivacIE
2010-03-26 15:35 . 2010-03-26 15:35 -------- d-sh--w- c:\documents and settings\Sean\IETldCache
2010-03-26 14:59 . 2010-03-26 14:59 -------- d-----w- c:\documents and settings\Pamela\IECompatCache
2010-03-26 14:56 . 2010-03-26 14:56 -------- d-----w- c:\documents and settings\Pamela\PrivacIE
2010-03-26 10:50 . 2010-03-26 10:50 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\IsolatedStorage
2010-03-26 10:49 . 2010-03-26 10:49 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\HP
2010-03-26 10:49 . 2010-03-26 10:49 129 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\fusioncache.dat
2010-03-26 10:49 . 2010-03-26 10:49 -------- d-----w- c:\documents and settings\Pamela\Local Settings\Application Data\Apple Computer
2010-03-26 04:20 . 2010-03-26 04:20 -------- d-sh--w- c:\documents and settings\Pam\IECompatCache
2010-03-26 04:20 . 2010-03-26 04:20 -------- d-sh--w- c:\documents and settings\Pam\PrivacIE
2010-03-26 04:17 . 2010-03-26 04:17 -------- d-sh--w- c:\documents and settings\Pam\IETldCache
2010-03-26 03:28 . 2010-03-26 03:28 -------- d-sh--w- c:\documents and settings\John\IECompatCache
2010-03-26 03:24 . 2010-03-26 03:24 -------- d-sh--w- c:\documents and settings\John\PrivacIE
2010-03-26 03:22 . 2010-03-26 03:22 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2010-03-26 03:22 . 2010-03-26 03:22 -------- d-sh--w- c:\documents and settings\John\IETldCache
2010-03-26 03:14 . 2010-03-29 20:13 -------- dc-h--w- c:\windows\ie8
2010-03-24 22:50 . 2010-03-24 22:50 -------- d-----w- c:\program files\Trend Micro
2010-03-23 15:13 . 2010-03-23 15:13 -------- d-----w- c:\documents and settings\Pam\Application Data\Malwarebytes
2010-03-20 14:21 . 2010-03-20 14:21 348160 ----a-w- c:\documents and settings\Maddie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a8cfcce-n\msvcr71.dll
2010-03-20 14:21 . 2010-03-20 14:21 503808 ----a-w- c:\documents and settings\Maddie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a8cfcce-n\msvcp71.dll
2010-03-20 14:21 . 2010-03-20 14:21 499712 ----a-w- c:\documents and settings\Maddie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a8cfcce-n\jmc.dll
2010-03-20 14:21 . 2010-03-20 14:21 61440 ----a-w- c:\documents and settings\Maddie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21191fb4-n\decora-sse.dll
2010-03-20 14:21 . 2010-03-20 14:21 12800 ----a-w- c:\documents and settings\Maddie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21191fb4-n\decora-d3d.dll
2010-03-17 18:29 . 2010-03-17 18:29 348160 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24e0cc40-n\msvcr71.dll
2010-03-17 18:29 . 2010-03-17 18:29 61440 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-436cd346-n\decora-sse.dll
2010-03-17 18:29 . 2010-03-17 18:29 503808 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24e0cc40-n\msvcp71.dll
2010-03-17 18:29 . 2010-03-17 18:29 12800 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-436cd346-n\decora-d3d.dll
2010-03-17 18:29 . 2010-03-17 18:29 499712 ----a-w- c:\documents and settings\Pam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24e0cc40-n\jmc.dll
2010-03-14 14:14 . 2010-03-14 14:14 348160 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e9c72da-n\msvcr71.dll
2010-03-14 14:14 . 2010-03-14 14:14 61440 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-609b2ec8-n\decora-sse.dll
2010-03-14 14:14 . 2010-03-14 14:14 503808 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e9c72da-n\msvcp71.dll
2010-03-14 14:14 . 2010-03-14 14:14 12800 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-609b2ec8-n\decora-d3d.dll
2010-03-14 14:14 . 2010-03-14 14:14 499712 ----a-w- c:\documents and settings\Sean\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6e9c72da-n\jmc.dll
2010-03-12 02:33 . 2010-03-12 02:33 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68ba6666-n\msvcp71.dll
2010-03-12 02:33 . 2010-03-12 02:33 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68ba6666-n\jmc.dll
2010-03-12 02:33 . 2010-03-12 02:33 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68ba6666-n\msvcr71.dll
2010-03-12 02:33 . 2010-03-12 02:33 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-463b2ad8-n\decora-sse.dll
2010-03-12 02:33 . 2010-03-12 02:33 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-463b2ad8-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 01:30 . 2008-09-12 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-06 19:39 . 2009-01-06 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-06 01:41 . 2009-08-30 02:17 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-04-06 01:40 . 2009-08-30 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-02 02:36 . 2008-07-18 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-02 02:36 . 2008-07-18 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 02:33 . 2008-08-01 01:32 -------- d-----w- c:\program files\Java
2010-04-02 02:33 . 2008-08-01 01:32 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 17:47 . 2008-04-28 18:07 -------- d-----w- c:\documents and settings\Pam\Application Data\AdobeUM
2010-03-31 00:01 . 2008-04-27 02:23 88704 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 22:05 . 2008-04-28 00:54 88704 ----a-w- c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 19:21 . 2008-04-28 00:24 88704 ----a-w- c:\documents and settings\Maddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 09:49 . 2008-04-28 00:36 88704 ----a-w- c:\documents and settings\Pam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 02:08 . 2009-09-07 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-29 19:31 . 2008-07-18 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-29 00:56 . 2008-04-27 22:43 -------- d-----w- c:\documents and settings\John\Application Data\AdobeUM
2010-03-26 10:47 . 2010-03-26 10:47 88704 ----a-w- c:\documents and settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 22:41 . 2009-08-15 01:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-05 04:00 . 2008-07-11 00:25 -------- d-----w- c:\documents and settings\John\Application Data\Apple Computer
2010-03-05 03:15 . 2010-03-05 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-05 03:15 . 2008-07-11 00:23 -------- d-----w- c:\program files\iTunes
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\program files\iPod
2010-03-05 03:14 . 2008-07-11 00:17 -------- d-----w- c:\program files\Common Files\Apple
2010-03-05 03:08 . 2010-03-05 03:08 -------- d-----w- c:\program files\Bonjour
2010-03-05 03:06 . 2008-07-11 00:20 -------- d-----w- c:\program files\QuickTime
2010-03-05 03:01 . 2010-03-05 03:01 -------- d-----w- c:\program files\Apple Software Update
2010-02-15 23:41 . 2010-02-15 23:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 00:33 . 2008-05-26 17:00 -------- d-----w- c:\documents and settings\Sean\Application Data\AdobeUM
2009-05-21 20:47 . 2009-05-21 20:41 8636 ----a-w- c:\program files\DeIsL1.isu
2001-02-20 11:34 . 2009-05-21 20:42 5396 ----a-w- c:\program files\README.TXT
1999-11-12 19:29 . 2009-05-21 20:41 6166 ----a-w- c:\program files\killwin.cfg
1999-11-12 18:22 . 2009-05-21 20:41 80534 ----a-w- c:\program files\picker.exe
1999-11-12 13:46 . 2009-05-21 20:42 80384 ----a-w- c:\program files\killwin.exe
1998-03-05 18:28 . 2009-05-21 20:42 1458432 ----a-w- c:\program files\SLIDESHO.EXE
1998-03-03 21:34 . 2009-05-21 20:42 1330304 ----a-w- c:\program files\Kidpix.exe
1998-03-03 21:33 . 2009-05-21 20:41 1777792 ----a-w- c:\program files\Pickerb.exe
1998-03-03 21:24 . 2009-05-21 20:42 804608 ----a-w- c:\program files\Stmpmatr.exe
1998-03-03 21:15 . 2009-05-21 20:42 743424 ----a-w- c:\program files\MOOPIES.EXE
1998-03-03 21:08 . 2009-05-21 20:42 597504 ----a-w- c:\program files\Puppets.exe
1998-02-27 16:40 . 2009-05-21 20:42 449536 ----a-w- c:\program files\WACKY.EXE
1998-02-24 12:32 . 2009-05-21 20:42 8451 ----a-w- c:\program files\SPANISH.HLP
1998-02-13 12:30 . 2009-05-21 20:42 6105 ----a-w- c:\program files\TVHELP.HLP
1998-02-13 12:30 . 2009-05-21 20:42 7775 ----a-w- c:\program files\STAMHELP.HLP
1998-02-13 12:30 . 2009-05-21 20:42 8068 ----a-w- c:\program files\SSHELP.HLP
1998-02-13 12:29 . 2009-05-21 20:42 6929 ----a-w- c:\program files\KIDPIX.HLP
1998-02-13 12:29 . 2009-05-21 20:42 7068 ----a-w- c:\program files\MOOPHELP.HLP
1998-02-13 12:29 . 2009-05-21 20:42 7399 ----a-w- c:\program files\KPHELP.HLP
1998-02-13 12:29 . 2009-05-21 20:42 7217 ----a-w- c:\program files\PUPPHELP.HLP
1997-12-15 15:08 . 2009-05-21 20:42 2241193 ----a-w- c:\program files\WAVSOUND.R
1997-11-21 10:39 . 2009-05-21 20:42 16896 ----a-w- c:\program files\USRL16D.DLL
1995-12-14 16:21 . 2009-05-21 20:42 30208 ----a-w- c:\program files\FBVNGN.EXE
1995-12-14 16:21 . 2009-05-21 20:42 6656 ----a-w- c:\program files\FBVTIMER.DLL
1995-12-14 16:20 . 2009-05-21 20:42 46080 ----a-w- c:\program files\FBVSPCH.DLL
1995-08-29 05:52 . 2009-05-21 20:42 220672 ----a-w- c:\program files\BC450RTL.DLL
1995-06-15 12:54 . 2009-05-21 20:42 207918 ----a-w- c:\program files\KPFONTS.DAT
1995-06-05 16:39 . 2009-05-21 20:42 226013 ----a-w- c:\program files\V02_FONT.DAT
1992-10-05 02:00 . 2009-05-21 20:42 130224 ----a-w- c:\program files\BWCC.DLL
1992-06-10 05:10 . 2009-05-21 20:42 29536 ----a-w- c:\program files\DIB.DRV
2009-09-01 02:10 . 2008-09-12 01:26 58944288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-01 02:10 . 2008-09-12 01:26 2297120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-01 03:04 . 2009-09-01 03:04 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-04-04_21.13.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-08 01:28 . 2010-04-08 01:28 16384 c:\windows\Temp\Perflib_Perfdata_320.dat
+ 2008-04-27 21:56 . 2010-04-05 12:05 2248192 c:\windows\Installer\2b7a6.msi
- 2008-04-27 21:56 . 2010-04-02 21:54 2248192 c:\windows\Installer\2b7a6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"Norton PasswordManager"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-09-09 124096]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-08-27 1450096]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AcctMgr"="c:\program files\Norton Password Manager\AcctMgr.exe" [2005-07-29 586896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\John\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-10 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-29 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/24/2008 6:34 PM 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 9:03 PM 135664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/29/2009 1:56 PM 10384]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-06 16:19]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cacf75d336521a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 01:02]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 01:02]

2010-04-08 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 08:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: capitalone.com\onlinebanking
Trusted Zone: capitalone.com\www
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7. ... ontrol.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 00:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1808)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Completion time: 2010-04-08 00:31:41
ComboFix-quarantined-files.txt 2010-04-08 04:31
ComboFix2.txt 2010-04-04 21:31

Pre-Run: 17,007,042,560 bytes free
Post-Run: 16,976,412,672 bytes free

- - End Of File - - B44CD8B188BB9AE2CE9002AEF196C3F5
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 9th, 2010, 7:12 am

Hi jkgolden.
I still cannot connect to windows update and at least once a day get a "security" popup.

Can you tell me exactly what this popup says?
OK, let's try another scanner.
Please run CCleaner again and disable your Anti-virus before the below scan.



ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Let me know what the popup says.
  • Please give me an update on your computer's performance. Are your searches still redirected?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 10th, 2010, 10:21 am

I cannot connect to the online scan site.
(internet explorer cannot display the webpage)

The pop-ups (redirects) go to the following websites:
hXXp://scanner.av2-site.info
hXXp://91.213.157.25
hXXp://85.12.44.155
They all have some message about your computer having viruses/spyware/malware and you need to click on them to get a free scan via their website. I haven't clicked on any of these and have killed the ie-explorer process through task manager.

CCleaner log:

CLEANING COMPLETE - (52.812 secs)
------------------------------------------------------------------------------------------
7.18MB removed.
Secure file deletion enabled - Gutmann (35 passes)
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (352 files) 6.82MB
C:\Documents and Settings\John\Cookies\john@h.msn[2].txt 74 bytes
C:\Documents and Settings\John\Cookies\john@malwareremoval[3].txt 285 bytes
C:\Documents and Settings\John\Cookies\john@atdmt[1].txt 357 bytes
C:\Documents and Settings\John\Cookies\john@tvguide[1].txt 107 bytes
C:\Documents and Settings\John\Cookies\john@activenetwork.122.2o7[1].txt 130 bytes
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt 190 bytes
C:\Documents and Settings\John\Cookies\john@kaspersky[1].txt 85 bytes
C:\Documents and Settings\John\Cookies\john@malwareremoval[2].txt 288 bytes
C:\Documents and Settings\John\Cookies\john@www.eteamz[1].txt 317 bytes
Marked for deletion: C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\John\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012010041020100411\index.dat
C:\WINDOWS\TEMP\cch13FD.tmp 32.00KB
C:\WINDOWS\TEMP\cch13FE.tmp 32.00KB
C:\WINDOWS\TEMP\cch1409.tmp 32.00KB
C:\WINDOWS\TEMP\cch140A.tmp 32.00KB
C:\WINDOWS\TEMP\cch1415.tmp 32.00KB
C:\WINDOWS\TEMP\cch1416.tmp 32.00KB
C:\WINDOWS\TEMP\cch141B.tmp 32.00KB
C:\WINDOWS\TEMP\cch141C.tmp 32.00KB
C:\WINDOWS\TEMP\cch190F.tmp 32.00KB
C:\WINDOWS\TEMP\cch1910.tmp 32.00KB
C:\WINDOWS\TEMP\WGAErrLog.txt 505 bytes
C:\Documents and Settings\John\Local Settings\Temp\MAR1FB.tmp 1.31KB
C:\Documents and Settings\John\Local Settings\Temp\MAR1FC.tmp 1.25KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 2.03KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 28.93KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 4.13KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 335 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 13.35KB
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\download1.evony.com\EvonyClient545.swf\addFavorite.sol 41 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\download1.evony.com\EvonyClient561.swf\addFavorite.sol 41 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\download1.evony.com\userInfo.sol 150 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\www.kaspersky.com\downloads\flash\loader_april_promo_frame.swf\april_promo_frame.sol 65 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\www.kaspersky.com\downloads\flash\rushmore_loader.swf\rushmore.sol 56 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\7W6GRDMA\www.kaspersky.com\downloads\flash\windows7_loader.swf\windows7.sol 56 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#download1.evony.com\settings.sol 89 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.kaspersky.com\settings.sol 87 bytes
C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 463 bytes
------------------------------------------------------------------------------------------
Last edited by Dakeyras on April 11th, 2010, 3:05 pm, edited 1 time in total.
Reason: Deactivated malicious Urls
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 10th, 2010, 10:59 am

Hi jkgolden.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in, Do not include the word Code:
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



Logs/Information to Post in your Next Reply

  • OTL.txt log.
  • OTL Extras.txt LOG.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 10th, 2010, 2:32 pm

OTL log:

OTL logfile created on: 4/10/2010 1:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.60 Gb Free Space | 39.94% Space Free | Partition Type: NTFS
Drive D: | 109.98 Gb Total Space | 72.43 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 149.05 Gb Total Space | 30.97 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Computer Name: GOLDEN-HOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/10 13:54:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/04/27 12:01:55 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/20 03:09:41 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/29 10:32:21 | 000,586,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Password Manager\AcctMgr.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/08/26 22:01:08 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2003/07/14 10:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/03/21 06:23:32 | 000,046,592 | R--- | M] (Avance Logic, Inc.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/10 13:54:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/11/07 17:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 15:56:14 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/27 12:01:55 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/defaultb.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/08/31 22:58:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/06 22:09:25 | 000,610,419 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 16151 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe (Symantec Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton PasswordManager] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 80 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: capitalone.com ([onlinebanking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: capitalone.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9260587578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9564009125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.7. ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 21:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/26 21:23:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338225421942784)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/10 13:54:55 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/04/10 10:12:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2010/04/08 00:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/08 00:12:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/06 22:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\HostsXpert
[2010/04/05 21:40:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/05 21:40:03 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/05 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/05 21:38:34 | 004,875,560 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John\Desktop\bam-rules.exe
[2010/04/05 21:37:54 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John\Desktop\bam-setup-New.exe
[2010/04/04 16:47:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/04 16:45:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/04 16:45:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/04 16:45:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/04 16:44:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/02 17:59:45 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/02 17:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/02 17:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/02 17:44:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
[2010/04/02 17:43:11 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTM.exe
[2010/04/02 06:42:16 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/01 12:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/31 23:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/03/31 21:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/03/31 21:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/03/31 21:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/03/31 21:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/03/29 15:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\IE8
[2010/03/29 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/28 16:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/28 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/28 16:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/28 16:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/03/28 16:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/03/28 15:07:35 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/01/07 21:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/24 21:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/24 21:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/24 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/21 16:42:22 | 000,046,080 | ---- | C] (First Byte) -- C:\Program Files\FBVSPCH.DLL
[2009/05/21 16:42:22 | 000,030,208 | ---- | C] (First Byte) -- C:\Program Files\FBVNGN.EXE
[2009/05/21 16:42:22 | 000,006,656 | ---- | C] (First Byte) -- C:\Program Files\FBVTIMER.DLL
[2009/05/21 16:42:17 | 000,130,224 | ---- | C] (Borland International) -- C:\Program Files\BWCC.DLL
[2009/05/21 16:42:16 | 000,016,896 | ---- | C] (Brøderbund Software) -- C:\Program Files\USRL16D.DLL
[2009/05/21 16:42:12 | 000,220,672 | ---- | C] (Borland International) -- C:\Program Files\BC450RTL.DLL
[2008/04/26 21:23:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/26 21:23:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/05/11 23:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2010/04/10 13:54:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/04/10 13:34:11 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/10 13:19:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/10 11:02:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 09:30:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 09:29:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cacf75d336521a.job
[2010/04/10 09:04:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 09:04:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 21:51:58 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/04/08 20:17:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/04/08 00:00:23 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2010/04/06 22:10:59 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\John\Desktop\mbr.exe
[2010/04/06 22:09:25 | 000,610,419 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/04/06 21:36:22 | 000,353,485 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HostsXpert.zip
[2010/04/05 22:49:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/05 21:40:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11:51:08 | 004,875,560 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John\Desktop\bam-rules.exe
[2010/04/05 11:03:18 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John\Desktop\bam-setup-New.exe
[2010/04/05 11:01:22 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\John\Desktop\bam-clean.exe
[2010/04/04 17:56:06 | 000,052,006 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Rouge-IPaddress2.jpg
[2010/04/04 16:47:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/04 16:42:11 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\John\Desktop\Cypher.com
[2010/04/04 14:26:08 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/04/02 17:58:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2010/04/02 17:58:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/04/02 17:41:53 | 000,285,696 | ---- | M] () -- C:\Documents and Settings\John\Desktop\filet-o-fish.mp3
[2010/04/02 17:39:46 | 000,033,289 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Rouge-IPaddress.jpg
[2010/04/02 13:58:46 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/04/02 13:57:28 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTM.exe
[2010/04/02 13:57:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John\Desktop\erunt-setup.exe
[2010/04/01 22:38:03 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\John\Desktop\RSIT.exe
[2010/04/01 22:37:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ygdt8ih9.exe
[2010/03/30 20:01:28 | 000,088,704 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/30 05:44:17 | 000,316,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 15:52:32 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Kaspersky Update Setting.jpg
[2010/03/27 23:00:11 | 000,039,407 | ---- | M] () -- C:\Documents and Settings\John\Desktop\VIRUS.jpg

========== Files Created - No Company Name ==========

[2010/04/06 22:10:59 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\John\Desktop\mbr.exe
[2010/04/06 21:36:17 | 000,353,485 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HostsXpert.zip
[2010/04/05 21:40:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 21:31:00 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\John\Desktop\bam-clean.exe
[2010/04/04 17:56:06 | 000,052,006 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Rouge-IPaddress2.jpg
[2010/04/04 16:47:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/04 16:47:50 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/04 16:45:11 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/04 16:45:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/04 16:45:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/04 16:45:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/04 16:45:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/04 16:42:11 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\John\Desktop\Cypher.com
[2010/04/02 17:58:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2010/04/02 17:58:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/04/02 17:42:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/04/02 17:39:46 | 000,033,289 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Rouge-IPaddress.jpg
[2010/04/01 22:37:49 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\John\Desktop\RSIT.exe
[2010/04/01 22:37:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ygdt8ih9.exe
[2010/03/31 23:36:08 | 000,285,696 | ---- | C] () -- C:\Documents and Settings\John\Desktop\filet-o-fish.mp3
[2010/03/29 15:52:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Kaspersky Update Setting.jpg
[2010/03/29 15:27:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cacf75d336521a.job
[2010/03/28 16:28:45 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/03/28 16:28:45 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/03/28 16:28:45 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/03/28 16:28:45 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/03/27 23:00:11 | 000,039,407 | ---- | C] () -- C:\Documents and Settings\John\Desktop\VIRUS.jpg
[2009/12/12 16:36:53 | 000,001,135 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2009/11/29 14:06:06 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\John\Application Data\setup_ldm.iss
[2009/09/18 09:48:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2009/08/29 20:59:49 | 000,018,695 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\afugez.dll
[2009/08/29 20:59:47 | 000,019,716 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\qoqunab.sys
[2009/08/29 20:59:47 | 000,018,901 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nedova._dl
[2009/08/29 20:59:47 | 000,014,489 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\juje._sy
[2009/08/29 20:59:47 | 000,014,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sosacyfe.pif
[2009/08/29 20:35:43 | 000,012,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\buze.bin
[2009/08/29 20:35:43 | 000,011,458 | ---- | C] () -- C:\WINDOWS\syrero.sys
[2009/08/29 20:35:43 | 000,010,276 | ---- | C] () -- C:\Documents and Settings\John\Application Data\cufamo.db
[2009/08/29 20:35:42 | 000,014,266 | ---- | C] () -- C:\Documents and Settings\John\Application Data\jidum.exe
[2009/08/29 20:35:42 | 000,012,936 | ---- | C] () -- C:\Documents and Settings\John\Application Data\nyna.pif
[2009/08/29 20:35:42 | 000,011,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ubaxox.lib
[2009/08/29 20:35:42 | 000,011,051 | ---- | C] () -- C:\WINDOWS\System32\jeci.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/16 23:41:26 | 000,002,878 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[2009/05/21 16:44:44 | 000,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/05/21 16:42:49 | 000,008,451 | ---- | C] () -- C:\Program Files\SPANISH.HLP
[2009/05/21 16:42:49 | 000,008,068 | ---- | C] () -- C:\Program Files\SSHELP.HLP
[2009/05/21 16:42:49 | 000,007,775 | ---- | C] () -- C:\Program Files\STAMHELP.HLP
[2009/05/21 16:42:49 | 000,007,399 | ---- | C] () -- C:\Program Files\KPHELP.HLP
[2009/05/21 16:42:49 | 000,007,217 | ---- | C] () -- C:\Program Files\PUPPHELP.HLP
[2009/05/21 16:42:49 | 000,007,068 | ---- | C] () -- C:\Program Files\MOOPHELP.HLP
[2009/05/21 16:42:

OTL Extras logfile created on: 4/10/2010 1:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.60 Gb Free Space | 39.94% Space Free | Partition Type: NTFS
Drive D: | 109.98 Gb Total Space | 72.43 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 149.05 Gb Total Space | 30.97 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Computer Name: GOLDEN-HOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AD53AAB-CDDA-41FE-9EE2-D7A59347CE1C}" = Poker Clock Professional 2.1
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{20422811-5988-4E14-99D0-8B2C3794D684}" = Nanovor
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EADB65C-70E8-4C94-AD0A-221462D41A85}" = Camtasia Studio 5
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57A7B53-0662-4AC0-9352-2AE2D8212A9F}" = Garmin Communicator Plugin
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena
"{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}" = NPM_DRM_COLLECTION
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery
"AIM_6" = AIM 6
"Audio MP3 Editor_is1" = Audio MP3 Editor 1.25
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eufony Free APE MP3 Converter" = Eufony Free APE MP3 Converter
"FLAC" = FLAC 1.2.1b (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"Img2gps_is1" = Img2gps v2.81
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"Kid Pix Studio Deluxe 1.0" = Kid Pix Studio Deluxe
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"SymSetup.{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager (Symantec Corporation)
"The Rosetta Stone" = The Rosetta Stone
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 9:40:04 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/8/2010 9:40:18 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/8/2010 9:41:26 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/9/2010 8:26:32 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 1:49:10 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 2:37:21 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 6:09:15 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 9:09:41 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 10:23:12 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 10:54:08 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 4/9/2010 2:33:35 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/9/2010 6:05:33 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 4/9/2010 6:05:34 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 4/9/2010 6:05:34 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 4/9/2010 6:06:20 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 4/10/2010 9:06:46 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/10/2010 9:13:02 AM | Computer Name = GOLDEN-HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
49 | 000,006,105 | ---- | C] () -- C:\Program Files\TVHELP.HLP
[2009/05/21 16:42:48 | 000,006,929 | ---- | C] () -- C:\Program Files\KIDPIX.HLP
[2009/05/21 16:42:47 | 000,005,396 | ---- | C] () -- C:\Program Files\README.TXT
[2009/05/21 16:42:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2009/05/21 16:42:35 | 000,000,688 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2009/05/21 16:42:27 | 002,241,193 | ---- | C] () -- C:\Program Files\WAVSOUND.R
[2009/05/21 16:42:10 | 000,029,536 | ---- | C] () -- C:\Program Files\DIB.DRV
[2009/05/21 16:42:09 | 000,226,013 | ---- | C] () -- C:\Program Files\V02_FONT.DAT
[2009/05/21 16:42:07 | 000,207,918 | ---- | C] () -- C:\Program Files\KPFONTS.DAT
[2009/05/21 16:42:02 | 001,330,304 | ---- | C] () -- C:\Program Files\Kidpix.exe
[2009/05/21 16:42:02 | 000,804,608 | ---- | C] () -- C:\Program Files\Stmpmatr.exe
[2009/05/21 16:42:02 | 000,743,424 | ---- | C] () -- C:\Program Files\MOOPIES.EXE
[2009/05/21 16:42:02 | 000,597,504 | ---- | C] () -- C:\Program Files\Puppets.exe
[2009/05/21 16:42:02 | 000,449,536 | ---- | C] () -- C:\Program Files\WACKY.EXE
[2009/05/21 16:42:01 | 001,458,432 | ---- | C] () -- C:\Program Files\SLIDESHO.EXE
[2009/05/21 16:42:00 | 000,080,384 | ---- | C] () -- C:\Program Files\killwin.exe
[2009/05/21 16:41:59 | 001,777,792 | ---- | C] () -- C:\Program Files\Pickerb.exe
[2009/05/21 16:41:59 | 000,080,534 | ---- | C] () -- C:\Program Files\picker.exe
[2009/05/21 16:41:59 | 000,006,166 | ---- | C] () -- C:\Program Files\killwin.cfg
[2009/05/21 16:41:55 | 000,008,636 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/13 18:15:27 | 000,000,297 | ---- | C] () -- C:\WINDOWS\PicSaver.ini
[2008/07/31 21:42:02 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\John\tmDebug.dat
[2008/05/07 21:01:11 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/05/07 20:58:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/05/07 20:58:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/01 13:09:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 22:22:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
[2008/04/27 18:17:15 | 000,044,393 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/04/27 18:17:15 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/04/27 18:16:46 | 000,002,060 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HPSU_48BitScanUpdate.log
[2008/04/27 18:16:46 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/04/27 17:56:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/04/27 17:56:44 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/04/27 17:56:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/04/27 17:55:59 | 000,002,785 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_InstantShareJPG.log
[2008/04/27 17:55:59 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/04/27 17:54:54 | 000,003,596 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/04/27 17:54:54 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/04/27 17:53:29 | 000,028,807 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/04/27 17:53:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/04/27 17:45:07 | 000,599,074 | ---- | C] () -- C:\Documents and Settings\John\ProductContext2570.log
[2008/04/27 17:44:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2008/04/27 14:14:52 | 000,002,914 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/27 14:13:48 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/04/27 14:09:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/27 14:09:27 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/04/27 14:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/04/27 00:00:51 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/26 21:36:38 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2008/04/26 21:29:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\John\ntuser.dat.LOG
[2008/04/26 21:29:17 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\John\ntuser.ini
[2008/04/26 21:29:16 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2008/08/24 18:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/06/07 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/03/02 20:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/10/09 18:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nanovor
[2008/06/11 22:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/29 14:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/04 23:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/07 09:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Acoustica
[2009/06/01 21:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DNA
[2009/02/10 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GARMIN
[2009/03/15 19:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IEPro
[2008/10/06 20:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IrfanView
[2009/11/29 14:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2008/04/27 00:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MiniDm
[2008/09/09 09:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NoteTab Light

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/26 22:12:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/26 22:12:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/26 22:12:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/26 22:12:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/03/31 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2003/03/31 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2003/03/31 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2003/03/31 08:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/02/23 02:00:00 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSVBVM60.DLL

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/26 17:12:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/26 17:12:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/26 17:12:38 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Extras log:
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 10th, 2010, 2:37 pm

OTL Extras logfile created on: 4/10/2010 1:55:41 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.60 Gb Free Space | 39.94% Space Free | Partition Type: NTFS
Drive D: | 109.98 Gb Total Space | 72.43 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 149.05 Gb Total Space | 30.97 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Computer Name: GOLDEN-HOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AD53AAB-CDDA-41FE-9EE2-D7A59347CE1C}" = Poker Clock Professional 2.1
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{20422811-5988-4E14-99D0-8B2C3794D684}" = Nanovor
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EADB65C-70E8-4C94-AD0A-221462D41A85}" = Camtasia Studio 5
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57A7B53-0662-4AC0-9352-2AE2D8212A9F}" = Garmin Communicator Plugin
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena
"{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}" = NPM_DRM_COLLECTION
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery
"AIM_6" = AIM 6
"Audio MP3 Editor_is1" = Audio MP3 Editor 1.25
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eufony Free APE MP3 Converter" = Eufony Free APE MP3 Converter
"FLAC" = FLAC 1.2.1b (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"Img2gps_is1" = Img2gps v2.81
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"Kid Pix Studio Deluxe 1.0" = Kid Pix Studio Deluxe
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"SymSetup.{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager (Symantec Corporation)
"The Rosetta Stone" = The Rosetta Stone
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 9:40:04 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/8/2010 9:40:18 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/8/2010 9:41:26 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

Error - 4/9/2010 8:26:32 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 1:49:10 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 2:37:21 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/9/2010 6:09:15 PM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 9:09:41 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 10:23:12 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2010 10:54:08 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 4/9/2010 2:33:35 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/9/2010 6:05:33 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 4/9/2010 6:05:34 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 4/9/2010 6:05:34 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 4/9/2010 6:06:20 PM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 4/10/2010 9:05:41 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 4/10/2010 9:06:46 AM | Computer Name = GOLDEN-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 4/10/2010 9:13:02 AM | Computer Name = GOLDEN-HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 12th, 2010, 5:13 am

Hi jkgolden. Sorry for the delay.
Please carry out the instructions below, then let me know if your searches are still redirected.
Do you use a router? If so, I need you to reset it.
There may simply be a reset button somewhere on it; if not, you will need to consult the manual that came with your router to find out how to reset it.
Please let me know if you were able to reset it in your next post.

Next.

Reset IE8:

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again; this is normal.
  • Note: Any add-ons will need to be reapplied after the above reset.

Next.

  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu, under C:\WINDOWS\ERDNT\DD-MM-YYYY, under Backup options make sure both of the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"; at the prompt, reply "Yes".
    After a short while the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox shown in the image. Do not include the word Code.
    Code:
    :otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: capitalone.com ([onlinebanking] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: capitalone.com ([www] https in Trusted sites)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.7. ... ontrol.CAB (Reg Error: Key error.)
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" =-
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.



Logs/Information to Post in your Next Reply

  • Were you able to reset your router and IE8?
  • OTL log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
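A defender-side triage of the two log shapes in this thread, written as an added example (it is not part of the thread and not code from OTL or its author): it parses the "Last 10 Event Log Errors" section of the OTL log posted above and the GloballyOpenPorts registry entries the fix script above deletes, flagging the crypt32 / Windows Update Agent connection failures that show update traffic is being blocked and the Remote Desktop port (3389/TCP) opened in every firewall profile. The sample log text is constructed from the formats shown in the thread; the function names are assumptions.

```python
import re

# Constructed sample in the layout of the OTL "Last 10 Event Log Errors" section above.
SAMPLE_EVENTS = """\
[ Application Events ]
Error - 4/9/2010 8:26:32 AM | Computer Name = GOLDEN-HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/8/2010 9:40:04 PM | Computer Name = GOLDEN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module neaudio.ax, version 1.0.4.23, fault address 0x0000e9b8.

[ System Events ]
Error - 4/10/2010 9:13:02 AM | Computer Name = GOLDEN-HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set schedule.
"""
# Constructed sample in the OTL ":reg" fix-script layout ("=-" deletes the value);
# a .reg export with "name"="data" lines, or the HKLM\~ shorthand, parses the same way.
SAMPLE_PORTS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" =-
"139:TCP" =-
"""

EVENT_HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                          r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
PROFILE_KEY = re.compile(r"^\[(?:HKLM|HKEY_LOCAL_MACHINE)\\.*firewallpolicy\\"
                         r"(?P<profile>\w+)\\globallyopenports\\list\]$", re.IGNORECASE)
PORT_VALUE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"')


def parse_events(text):
    """One dict per 'Error - ...' block; wrapped Description lines are re-joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = EVENT_HEADER.match(line)
        if header:
            current = dict(header.groupdict(), id=int(header["id"]), description="")
            events.append(current)
        elif current and line and not line.startswith("["):   # "[" = section title
            line = re.sub(r"^Description = ", "", line)
            current["description"] = (current["description"] + " " + line).strip()
    return events

def triage_events(events):
    """Flag the two error types that show update traffic is not reaching Microsoft."""
    findings = []
    for ev in events:
        desc = ev["description"].lower()
        if (ev["source"] == "crypt32" and ev["id"] == 131080
                and "windowsupdate.com" in desc and "could not be established" in desc):
            findings.append((ev["when"], "root-certificate list refresh blocked"))
        elif ev["source"] == "Windows Update Agent" and ev["id"] == 16:
            findings.append((ev["when"], "Windows Update Agent cannot connect"))
    return findings

def parse_open_ports(text):
    """{profile: [(port, proto), ...]} for every GloballyOpenPorts\\List key seen."""
    ports, profile = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = PROFILE_KEY.match(line)
        if key:
            profile = key["profile"].lower()
            ports.setdefault(profile, [])   # record the profile even when its list is empty
        elif (value := PORT_VALUE.match(line)) and profile:
            ports[profile].append((int(value["port"]), value["proto"]))
    return ports

def triage_open_ports(ports):
    """Remote Desktop (3389/TCP) open in every firewall profile is what the fix above removes."""
    return [(profile, f"RDP {port}/{proto} globally open")
            for profile, entries in ports.items() for port, proto in entries if (port, proto) == (3389, "TCP")]
```

An empty list under a profile key (as the later HAMeb_check output shows) parses as a profile with no entries, which is the clean result to expect after the fix.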

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 12th, 2010, 10:34 pm

IE8 and router were both reset successfully.
I haven't had a pop-up/redirect yesterday or today.
Still cannot connect to Microsoft Update (goes to Google instead).

OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\capitalone.com\onlinebanking\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\capitalone.com\www\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 2324706 bytes
->Temporary Internet Files folder emptied: 7953145 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1210 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Maddie
->Temp folder emptied: 24850 bytes
->Temporary Internet Files folder emptied: 53129944 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6823 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Pam
->Temp folder emptied: 187640 bytes
->Temporary Internet Files folder emptied: 8625000 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2015 bytes

User: Pamela
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sean
->Temp folder emptied: 74550 bytes
->Temporary Internet Files folder emptied: 19858912 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 775 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14196 bytes

Total Files Cleaned = 88.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04122010_221050

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\John\Local Settings\Temp\~DF5322.tmp not found!
File\Folder C:\Documents and Settings\John\Local Settings\Temp\~DF66C6.tmp not found!
File\Folder C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\2YM6ZJY4\viewtopic[1].htm not found!
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 12th, 2010, 10:36 pm

Oh, I also could not download the MS FixIt program on this computer (did it from work and copied it to a stick).
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm

Re: I've got something but I don't know what - HELP!

Unread postby Cypher » April 13th, 2010, 11:04 am

Hi jkgolden.
I haven't had a pop-up/redirect yesterday or today.

That's good news :)
Still cannot connect to Microsoft Update (goes to Google instead).

You're doing great. Please continue with the instructions below, then try Windows Update.


Dial-A-Fix

We need to repair some of Windows' internal registration settings.

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Image)
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    [images: Dial-A-Fix prep section]
  • Now I want you to uncheck all areas except what is under SSL/HTTPS/Cryptography; leave this section checked.
  • Click on go.
  • Exit/Close Dial-A-Fix.


Next.

Download HAMeb_check.exe and save it to your desktop.
Double-click on HAMeb_check.exe to run it.
Please Post the contents of the resulting log.



Logs/Information to Post in your Next Reply

  • HAMeb_check log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: I've got something but I don't know what - HELP!

Unread postby jkgolden » April 13th, 2010, 7:44 pm

Update:
Twice today my wife got Google search redirects.
One time was to jottugquo.com; the other was to an IP address.

Hameb log:

C:\Documents and Settings\John\Desktop\HAMeb_check.exe
Tue 04/13/2010 at 19:40:25.78

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
jkgolden
Regular Member
 
Posts: 24
Joined: March 28th, 2010, 10:05 pm