Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirects, keyboard/mouse frozen, winlogon.exe error


Post by livelaughlove » August 14th, 2010, 7:06 pm

Hello! I've posted this issue many times (different forums/sites), and the ppl don't know/can't fix my issue. :'(
Uhh...I need to use a credit card online soon (pay tuition) and with this thing in my PC... I'm scared..(should i do the transaction at my friend's house?)

I apologize for many shortened/abbreviations/spelling because i am using a tablet and on-screen keyboard cuz my mouse n keyboard is frozen. keyboard has light, but frozen. (when shut down, no light)

- just like everyone else, i get google redirects (i am firefox user). only way to fix it is copy paste or cache the search page

- google chrome browser is blank? (i dont use it, i d/l it to try to fix ff issue) it used to work.

- deviantart.com page looks html-less/css-less/scriptless

- firefox started to crash a lot lately

- i get pop-up saying ''this page is encrypted , 3rd party might see it '' pop-ups when going to sign in youtube or access my college site (to add courses) is this a concern? or just a safety thing?

- this malware started on july 24 (my openDNS said so.) except it was iexplore.exe processes and backdoor stuff ...which i managed to get rid of the first layer.

- a week ago, i used malwarebytes to re-scan and it did pick up a trojan. deleted it. few hours later my computer hibernated/restarted. upon the welcome screen, a pop-up error reads:

winlogon.exe - application error ,
the instruction at '0x00592581' referenced memory at '0x00c50000'. the memory could not be 'read' click to terminate program, click on cancel to debug program


pressing OK/cancel/X will restart computer. ignored it, and clicked my user to login. right when i type pw, keyboard and mouse froze, but the blinking cursor still blinks. i went into safe-mode (still error pop-up) to admin login cuz no need for password for freezing. i disabled password for my account to log in. ANY contact with typing (ex: msn, browser URL box, Typing box) the keyboard and mouse freeze! But everything is O.K (printing, browsing, etc) using a tablet to commute now...

i really hope it's this malware that caused this error.

- just used microsoft malware scanner, detected nothing.


LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:02 PM, on 8/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sinami.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [vc dead user mail] C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead\findsupport.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS U
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S62C4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carmen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LOGOPROC] C:\DOCUME~1\Carmen\APPLIC~1\flapview\BindShimHide.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy ¤U¸ü - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy ·j´M - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9579254447
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9579188853
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA16E1BA-85D2-4510-90E2-26F2C57CC9FE}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10437 bytes

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 8.2.0
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
ATI - Software Uninstall Utility
Auslogics Task Manager
Camera Driver
CCleaner
CD Art Display 1.0
CDex extraction audio
Compatibility Pack for the 2007 Office system
Defraggler
DivX Codec
DivX Converter
DivX Player
DVD Solution
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
FastStone Photo Resizer 2.8
Foxy v1.9.9
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 15
K-Lite Codec Pack 4.1.7 (Full)
LiveUpdate 2.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MapleStory
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6-9 Converter
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.6.8)
MSN Music Assistant
MSVCRT
Multimedia Launcher
openCanvas4.06E Plus
OpenDNS Updater 2.1
Pen Tablet
Personal License Update Wizard for Windows Media Player
PLiska Image Resizer
QuickTime
Rainlendar (remove only)
RamBooster
RAR Password Recovery v1.1 RC16 (remove only)
Recuva
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB958644)
Segoe UI
Serious Samurize
Spybot - Search & Destroy
SUPERAntiSpyware
Symantec AntiVirus
TheWorld Browser 2.0 Final (2.0.5.2)
U.S. Robotics 802.11g USB Adapter
Update for Windows XP (KB951072-v2)
Viewpoint Media Player
Winamp
Winamp Remote
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Tray Control
Windows XP Service Pack 3
WinRAR archiver
WinZip
Zune Desktop Theme

thank you so much for reading and taking your time to help! :cheers:

edit: using windows xp sp3
livelaughlove
Active Member
 
Posts: 4
Joined: August 14th, 2010, 6:33 pm

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

Post by MWR 3 day Mod » August 17th, 2010, 10:02 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

Post by deltalima » August 18th, 2010, 5:24 am

Hi livelaughlove,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

Post by livelaughlove » August 18th, 2010, 3:10 pm

Hi deltalima
Thank you so much for your time and help.

I've done the ckscan and otl

ckscan
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\carmen\desktop\unused desktop shortcuts\adobe cs2 keygenetina.rtf
c:\program files\paint tool sai english pack\sai_1.0.0\sai crack patch.exe
scanner sequence 3.AA.11
----- EOF -----

OTL txt

OTL logfile created on: 8/18/2010 11:08:39 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Carmen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

319.00 Mb Total Physical Memory | 48.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.58 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARMEN-56D286DD
Current User Name: Carmen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Carmen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe ()
PRC - C:\Program Files\Common Files\Iconix\IconixService.exe ()
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Carmen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Iconix\OEAddOn\OEldr_7.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe File not found
SRV - (IconixService) -- C:\Program Files\Common Files\Iconix\IconixService.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (QCMerced) -- C:\WINDOWS\System32\DRIVERS\LVCM.sys File not found
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys File not found
DRV - (pxrts) -- C:\WINDOWS\System32\drivers\pxrts.sys File not found
DRV - (pxkbf) -- C:\WINDOWS\System32\drivers\pxkbf.sys File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (LVUSBSta) -- C:\WINDOWS\System32\drivers\lvusbsta.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100813.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100813.009\NAVENG.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (MR97310_USB_DUAL_CAMERA) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (allegro) ESS Allegro Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\es198x.sys (ESS Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sinami.com/
IE - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {1253D21B-263B-1843-275C-1726DA8B2A12}:3.92.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 15:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/15 12:44:13 | 000,000,000 | ---D | M]

[2010/07/25 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Mozilla\Extensions
[2010/08/15 12:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Mozilla\Firefox\Profiles\huc8agl0.default\extensions
[2010/08/07 12:24:02 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Carmen\Application Data\Mozilla\Firefox\Profiles\huc8agl0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/17 15:54:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/15 12:44:13 | 000,000,000 | ---D | M] (Iconix) -- C:\Program Files\Mozilla Firefox\extensions\{1253D21B-263B-1843-275C-1726DA8B2A12}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/26 14:13:20 | 000,195,928 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npIconixProxy36.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_42.dll ()
O3 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IconixOEAddOn] C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpenDNS Update] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vc dead user mail] C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead\findsupport.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [LOGOPROC] C:\DOCUME~1\Carmen\APPLIC~1\flapview\BindShimHide.exe File not found
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Carmen\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-764733703-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 1
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_42.dll ()
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_42.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/ms ... b31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/Mi ... b31267.cab (Minesweeper Flags Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 9579254447 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9579188853 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMe ... loader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b34246.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Carmen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carmen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/27 22:35:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f73dcc7-83c3-11de-b514-0010b55d2727}\Shell\AutoRun\command - "" = ig.bat
O33 - MountPoints2\{2f73dcc7-83c3-11de-b514-0010b55d2727}\Shell\open\Command - "" = ig.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Carmen\Desktop\YouTube - Arashi
[2010/08/18 10:56:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe
[2010/08/15 12:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Application Data\Iconix
[2010/08/15 12:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iconix
[2010/08/15 12:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Iconix
[2010/08/15 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Iconix
[2010/08/13 15:49:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen\Recent
[2010/08/12 14:57:30 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\windows-kb890830-v3.10.exe
[2010/08/10 12:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/10 12:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/09 10:06:33 | 005,398,664 | ---- | C] (Iconix) -- C:\Documents and Settings\Carmen\Desktop\IconixInstall.94049.exe
[2010/08/08 11:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\00_RESUME
[2010/08/07 21:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\2010 SUMMMER
[2010/08/07 20:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\m del
[2010/08/07 20:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\mandy 18th
[2010/08/07 12:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\summer 2010
[2010/08/06 13:48:23 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Carmen\Desktop\spybotsd162(2).exe
[2010/08/06 12:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\blllleeach
[2010/08/04 10:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Local Settings\Application Data\Windows Server
[2010/08/02 16:57:18 | 012,387,832 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Carmen\Desktop\picasa36-setup.exe
[2010/08/02 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/07/27 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen\Desktop\manga
[2010/07/26 10:01:18 | 001,552,776 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Carmen\Desktop\rcsetup138.exe
[2010/07/26 09:57:26 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\Carmen\Desktop\sunbelt-personal-firewall.exe
[2010/07/23 10:28:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen\IETldCache
[2010/07/22 21:24:32 | 000,936,392 | ---- | C] (Prevx) -- C:\Documents and Settings\Carmen\Desktop\prevxcsifree.exe
[2010/07/22 20:20:54 | 011,508,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\windows-kb890830-v3.9.exe
[2010/07/22 19:36:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/22 19:24:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/07/22 19:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/07/22 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/22 17:50:04 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/22 16:31:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Carmen\Desktop\spybotsd162.exe
[2010/07/20 18:02:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/07/20 17:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/07/20 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/20 17:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/20 16:07:15 | 058,570,184 | ---- | C] (COMODO) -- C:\Documents and Settings\Carmen\Desktop\cispremium_installer_x86.exe
[2010/07/20 15:59:07 | 011,862,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/07/19 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/07/19 18:10:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/19 17:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/19 17:18:26 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/07/19 17:18:26 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/07/19 17:18:26 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/07/19 17:18:25 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2010/07/19 17:17:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/07/19 17:17:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/07/19 17:17:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/07/19 17:17:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/07/19 17:17:46 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/07/19 17:17:46 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/07/19 17:17:46 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/07/19 17:17:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/07/19 17:17:45 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/07/19 17:17:45 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/07/19 17:17:45 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/07/19 17:17:44 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/07/19 17:17:44 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/07/19 17:17:44 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/07/19 17:17:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/07/19 17:17:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/07/19 17:17:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/07/19 17:17:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/07/19 17:17:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/07/19 17:17:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/07/19 17:17:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/07/19 17:17:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/07/19 17:17:40 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/07/19 17:17:39 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/07/19 17:17:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/07/19 17:17:38 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/07/19 17:17:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/07/19 17:17:38 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/07/19 17:17:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/07/19 17:17:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/07/19 17:17:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/07/19 17:17:35 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/07/19 17:17:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2010/07/19 17:17:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/07/19 17:17:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/07/19 17:17:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/07/19 17:17:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/07/19 17:17:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/07/19 17:17:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/07/19 17:17:27 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/07/19 17:17:26 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/07/19 17:17:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/07/19 17:17:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/07/19 17:17:24 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/07/19 17:17:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/07/19 17:17:23 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/07/19 17:17:23 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/07/19 17:17:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/07/19 17:17:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/07/19 17:17:22 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/07/19 17:17:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/07/19 17:17:20 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/07/19 17:17:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/07/19 17:17:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/07/19 17:17:18 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/07/19 17:17:18 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/07/19 17:17:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/07/19 17:17:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/07/19 17:17:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/07/19 17:17:16 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/07/19 17:17:16 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/07/19 17:17:16 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/07/19 17:17:16 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/07/19 17:17:16 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/07/19 17:17:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/07/19 17:17:12 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/07/19 17:17:12 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/07/19 17:17:10 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/07/19 17:17:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/07/19 17:17:06 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/07/19 17:17:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/07/19 17:17:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/19 17:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/19 17:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/19 17:16:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/19 17:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/07/19 16:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/19 16:59:42 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/07/19 16:59:41 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/07/19 16:59:41 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/07/19 16:59:41 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/07/19 16:59:41 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/07/19 16:59:41 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/07/19 16:59:40 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/07/19 16:59:40 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/07/19 16:59:40 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/07/19 16:59:40 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/07/19 16:59:40 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/07/19 16:59:39 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/07/19 16:59:39 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/07/19 16:59:39 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/07/19 16:59:39 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/07/19 16:59:38 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/07/19 16:59:38 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/07/19 16:59:38 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/07/19 16:59:38 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/07/19 16:59:38 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/07/19 16:59:37 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/07/19 16:59:37 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/07/19 16:59:37 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/07/19 16:59:35 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/07/19 16:59:34 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/07/19 16:59:31 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/07/19 16:59:30 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/07/19 16:59:29 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/07/19 16:59:29 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/07/19 16:59:29 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/07/19 16:59:28 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/19 16:59:28 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/07/19 16:59:28 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/07/19 16:59:28 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/07/19 16:59:26 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/07/19 16:59:26 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/07/19 16:59:26 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/07/19 16:59:26 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/07/19 16:59:26 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/07/19 16:59:26 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/07/19 16:42:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[40 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Carmen\Desktop\YouTube - Arashi
[2010/08/18 11:03:20 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-764733703-1060284298-1003UA.job
[2010/08/18 11:00:07 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\655996F28AC4AC52.job
[2010/08/18 10:56:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe
[2010/08/18 10:56:32 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\CKScanner.exe
[2010/08/18 10:52:23 | 004,410,390 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\Inception (Time).mp3
[2010/08/17 15:51:41 | 003,399,962 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\Longo&Wainwright ft.Craig Smart-One Life Stand.mp3
[2010/08/17 15:20:37 | 000,099,819 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\gfxwear.jpg
[2010/08/17 15:03:05 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-764733703-1060284298-1003Core.job
[2010/08/15 13:14:02 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Carmen\NTUSER.DAT
[2010/08/14 20:53:38 | 000,028,718 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\dokuseidesign.jpg
[2010/08/12 14:57:49 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\windows-kb890830-v3.10.exe
[2010/08/10 16:18:13 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 16:18:12 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\Google Chrome.lnk
[2010/08/10 12:40:01 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/10 12:40:00 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\Spybot - Search & Destroy.lnk
[2010/08/09 20:34:05 | 000,038,030 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\kldetector13.zip
[2010/08/09 10:07:18 | 005,398,664 | ---- | M] (Iconix) -- C:\Documents and Settings\Carmen\Desktop\IconixInstall.94049.exe
[2010/08/07 13:14:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/07 13:14:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 13:13:42 | 334,090,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 11:20:17 | 000,012,488 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\cat scribble.png
[2010/08/07 10:59:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 20:58:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Carmen\ntuser.ini
[2010/08/06 13:49:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Carmen\Desktop\spybotsd162(2).exe
[2010/08/05 13:24:54 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Carmen\My Documents\My Sharing Folders.lnk
[2010/08/05 08:24:13 | 000,014,351 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\tinachanresume02.rtf
[2010/08/04 16:53:19 | 000,840,010 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\cc_20100804_165159.reg
[2010/08/02 16:57:28 | 012,387,832 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carmen\Desktop\picasa36-setup.exe
[2010/08/02 16:37:36 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/07/26 11:09:26 | 000,071,412 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\tempscreen.PNG
[2010/07/26 11:02:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\CCleaner.lnk
[2010/07/26 10:01:58 | 001,552,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Carmen\Desktop\rcsetup138.exe
[2010/07/26 09:57:37 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\Carmen\Desktop\sunbelt-personal-firewall.exe
[2010/07/25 21:25:20 | 000,088,611 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\exscreen.PNG
[2010/07/25 20:53:48 | 000,009,180 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\hijackthis sm
[2010/07/25 20:36:04 | 000,064,364 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\prxydeadpic.PNG
[2010/07/25 20:24:55 | 000,010,185 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\hijackthis 5
[2010/07/25 16:36:33 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/25 15:41:42 | 000,369,764 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\bookmark recentlol.html
[2010/07/25 15:35:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 15:35:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/24 09:09:19 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/07/23 13:53:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/23 13:30:48 | 000,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/07/22 21:24:34 | 000,936,392 | ---- | M] (Prevx) -- C:\Documents and Settings\Carmen\Desktop\prevxcsifree.exe
[2010/07/22 20:21:09 | 011,508,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\windows-kb890830-v3.9.exe
[2010/07/22 17:50:05 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/22 16:35:05 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Carmen\Desktop\spybotsd162.exe
[2010/07/22 13:50:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/22 13:50:05 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 13:50:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/20 21:09:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 16:08:50 | 058,570,184 | ---- | M] (COMODO) -- C:\Documents and Settings\Carmen\Desktop\cispremium_installer_x86.exe
[2010/07/20 15:59:51 | 011,862,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Carmen\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/07/20 15:30:43 | 002,511,787 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\edwa jacob.gif
[2010/07/19 19:38:37 | 000,642,407 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\windirstat screen.PNG
[2010/07/19 18:41:10 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\WinDirStat.lnk
[2010/07/19 18:11:35 | 000,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live™ Messenger.lnk
[2010/07/19 18:01:36 | 000,116,864 | ---- | M] () -- C:\Documents and Settings\Carmen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 17:53:43 | 000,466,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 17:51:24 | 000,475,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/19 17:51:24 | 000,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/19 17:51:24 | 000,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/19 16:58:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/19 12:35:10 | 009,383,401 | ---- | M] () -- C:\Documents and Settings\Carmen\Desktop\taylor swift - you belong to me.mp3
[40 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 10:56:32 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\CKScanner.exe
[2010/08/18 10:52:07 | 004,410,390 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\Inception (Time).mp3
[2010/08/17 15:51:34 | 003,399,962 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\Longo&Wainwright ft.Craig Smart-One Life Stand.mp3
[2010/08/17 15:11:16 | 000,099,819 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\gfxwear.jpg
[2010/08/14 20:53:26 | 000,028,718 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\dokuseidesign.jpg
[2010/08/10 12:40:01 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/10 12:40:00 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\Spybot - Search & Destroy.lnk
[2010/08/09 20:33:40 | 000,038,030 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\kldetector13.zip
[2010/08/07 11:20:17 | 000,012,488 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\cat scribble.png
[2010/08/05 21:12:43 | 334,090,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/04 16:52:08 | 000,840,010 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\cc_20100804_165159.reg
[2010/08/02 16:37:36 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2010/07/26 11:09:21 | 000,071,412 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\tempscreen.PNG
[2010/07/25 21:25:15 | 000,088,611 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\exscreen.PNG
[2010/07/25 20:53:48 | 000,009,180 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\hijackthis sm
[2010/07/25 20:36:03 | 000,064,364 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\prxydeadpic.PNG
[2010/07/25 20:24:52 | 000,010,185 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\hijackthis 5
[2010/07/25 16:36:33 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/25 15:41:40 | 000,369,764 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\bookmark recentlol.html
[2010/07/25 15:35:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 15:35:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 15:01:33 | 000,002,297 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\Google Chrome.lnk
[2010/07/25 15:01:33 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Carmen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/25 14:58:09 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-764733703-1060284298-1003UA.job
[2010/07/25 14:58:07 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-764733703-1060284298-1003Core.job
[2010/07/23 13:53:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/23 13:30:48 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/07/20 21:09:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 20:20:37 | 000,677,376 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\keyfinder.exe
[2010/07/20 17:49:22 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/07/20 15:30:23 | 002,511,787 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\edwa jacob.gif
[2010/07/19 19:38:33 | 000,642,407 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\windirstat screen.PNG
[2010/07/19 18:41:10 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\WinDirStat.lnk
[2010/07/19 16:59:37 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/07/19 16:59:35 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/07/19 16:59:29 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/07/19 12:34:21 | 009,383,401 | ---- | C] () -- C:\Documents and Settings\Carmen\Desktop\taylor swift - you belong to me.mp3
[2009/08/18 17:49:05 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/08/18 17:49:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\662D3D8FBF.sys
[2009/06/06 16:31:30 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2009/06/06 16:31:30 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2009/06/06 16:21:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/06/05 17:01:39 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2009/02/20 16:56:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/11 18:43:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/11 18:42:08 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/09/28 09:50:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/28 09:50:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/09/28 09:50:18 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/28 09:50:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/28 09:50:08 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/28 09:50:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/14 19:06:55 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/01/27 20:44:01 | 159,326,683 | ---- | C] () -- C:\Program Files\Microsoft Office.rar
[2007/10/06 19:26:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/09 16:09:00 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007/05/12 20:06:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/05/12 19:52:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/06/28 12:03:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/08 16:13:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/12/04 14:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/28 00:17:21 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Carmen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/27 23:11:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/08/27 23:05:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\USR_IsUser.dll
[2005/08/27 23:05:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/27 23:05:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/27 23:05:10 | 000,094,279 | ---- | C] () -- C:\WINDOWS\System32\GtkCards.dll
[2005/08/27 23:05:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/08/27 23:04:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2005/08/27 23:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/06 17:00:00 | 000,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80
[1999/01/27 10:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/01/11 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/12/05 20:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/08/15 12:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iconix
[2009/09/04 11:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2009/08/27 13:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead
[2009/02/18 20:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2009/06/22 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/06/23 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/15 19:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/04/10 16:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Acreon
[2007/06/25 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Block Checker
[2007/06/10 23:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Enigma Browser
[2009/02/04 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\EPSON
[2010/06/14 20:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Facebook
[2009/08/27 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\flapview
[2006/04/16 08:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\FotoWire
[2009/08/07 19:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Foxy
[2008/09/10 15:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\FrostWire
[2008/07/15 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\GrabPro
[2010/08/15 12:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Iconix
[2007/06/29 11:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Leadertech
[2007/05/17 16:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\MusicIP
[2007/11/26 18:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Nexon
[2010/08/07 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\OpenDNS Updater
[2007/05/17 16:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Opera
[2008/07/15 19:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Orbit
[2009/08/30 12:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Rainlendar
[2009/02/18 20:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\SYSTEMAX Software Development
[2009/08/31 15:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Uniblue
[2007/06/25 12:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Application Data\Viewpoint
[2007/06/29 20:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\flapview
[2010/08/18 12:00:03 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\655996F28AC4AC52.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

Extras.txt

OTL Extras logfile created on: 8/18/2010 11:08:39 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Carmen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

319.00 Mb Total Physical Memory | 48.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.58 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARMEN-56D286DD
Current User Name: Carmen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1417001333-764733703-1060284298-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- Reg Error: Value error.
Directory [Winamp.Enqueue] -- Reg Error: Value error.
Directory [Winamp.Play] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24578:TCP" = 24578:TCP:*:Enabled:Foxy (192.168.0.100:24578) 24578 TCP
"24578:UDP" = 24578:UDP:*:Enabled:Foxy (192.168.0.100:24578) 24578 UDP
"9367:TCP" = 9367:TCP:*:Enabled:Foxy (192.168.0.100:9367) 9367 TCP
"9367:UDP" = 9367:UDP:*:Enabled:Foxy (192.168.0.100:9367) 9367 UDP
"21436:TCP" = 21436:TCP:*:Enabled:Foxy (192.168.0.100:21436) 21436 TCP
"21436:UDP" = 21436:UDP:*:Enabled:Foxy (192.168.0.100:21436) 21436 UDP
"21518:TCP" = 21518:TCP:*:Enabled:Foxy (192.168.0.100:21518) 21518 TCP
"21518:UDP" = 21518:UDP:*:Enabled:Foxy (192.168.0.100:21518) 21518 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Wizet\MapleStory\Patcher.exe" = C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? -- File not found
"C:\Program Files\Cartoon Network\Dexter's Labyrinth\PowerPlay.exe" = C:\Program Files\Cartoon Network\Dexter's Labyrinth\PowerPlay.exe:*:Enabled:Macromedia Projector -- File not found
"C:\Program Files\Wizet\MapleStory\NewPatcher.exe" = C:\Program Files\Wizet\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ???? -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- File not found
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Disabled:P2P service of Orbit Downloader -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Foxy\Foxy.exe" = C:\Program Files\Foxy\Foxy.exe:*:Enabled:Foxy -- File not found
"C:\Program Files\Common Files\AOL\1151521547\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1151521547\ee\aim6.exe:*:Disabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1151521547\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1151521547\ee\aolsoftware.exe:*:Disabled:AOL Services -- File not found
"C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Disabled:Avant Browser -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- File not found
"C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe" = C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Disabled:BookWorm -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{33F8EAD4-B6EC-498B-B487-696B973D1C0C}" = Windows Live Messenger
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45259F03-5BE4-4FA8-B2EF-A799DEC9B444}" = PLiska Image Resizer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{621AF8B2-75D2-4074-BA44-79178A617255}" = Windows Live installer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CB428D1-EF83-420F-BF47-C03D2186522B}" = U.S. Robotics 802.11g USB Adapter
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92E2CA49-B6B9-4FE2-A39B-F6EA18AC5405}_is1" = Auslogics Task Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C22404E3-371D-46A3-A633-C7094DDE7274}" = openCanvas4.06E Plus
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE331E3-CB6B-46a3-A669-2C6DABBA2601}" = TheWorld Browser 2.0 Final (2.0.5.2)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEC511B1-59CB-4F15-AD75-0543034572A5}" = MapleStory
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"CCleaner" = CCleaner
"CD Art Display_is1" = CD Art Display 1.0
"CDex" = CDex extraction audio
"Defraggler" = Defraggler
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FastStone Photo Resizer" = FastStone Photo Resizer 2.8
"Foxy_is1" = Foxy v1.9.9
"HijackThis" = HijackThis 2.0.2
"Iconix eMail ID" = Iconix® eMail ID
"ie8" = Windows Internet Explorer 8
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"OpenDNS Updater" = OpenDNS Updater 2.1
"Orb" = Winamp Remote
"Pen Tablet Driver" = Pen Tablet
"QuickTime" = QuickTime
"Rainlendar" = Rainlendar (remove only)
"Recuva" = Recuva
"Serious Samurize" = Serious Samurize
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-764733703-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2010 6:00:59 PM | Computer Name = CARMEN-56D286DD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
xul.dll, version 1.9.2.3743, fault address 0x0047c491.

Error - 7/4/2010 5:51:52 PM | Computer Name = CARMEN-56D286DD | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 9.0.0.196, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2010 4:14:17 PM | Computer Name = CARMEN-56D286DD | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 7/20/2010 9:10:32 PM | Computer Name = CARMEN-56D286DD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/22/2010 11:05:09 PM | Computer Name = CARMEN-56D286DD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 4:44:20 PM | Computer Name = CARMEN-56D286DD | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen in File: C:\Documents and Settings\Carmen\Local
Settings\Temp\smss.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access
denied. Action Description: The file was quarantined successfully.

Error - 7/25/2010 6:12:50 PM | Computer Name = CARMEN-56D286DD | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 5.0.375.99, fault address 0x00256ff3.

Error - 8/7/2010 2:08:24 PM | Computer Name = CARMEN-56D286DD | Source = Google Update | ID = 20
Description =

Error - 8/13/2010 3:00:04 PM | Computer Name = CARMEN-56D286DD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00030ef2.

Error - 8/13/2010 6:48:49 PM | Computer Name = CARMEN-56D286DD | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module xul.dll, version 1.9.2.3855, fault address 0x0073f858.

[ System Events ]
Error - 8/7/2010 2:05:42 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 8/7/2010 2:08:20 PM | Computer Name = CARMEN-56D286DD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/7/2010 4:14:28 PM | Computer Name = CARMEN-56D286DD | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 8/7/2010 4:14:28 PM | Computer Name = CARMEN-56D286DD | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 8/7/2010 4:17:43 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7000
Description = The pxrts service failed to start due to the following error: %%2

Error - 8/7/2010 4:17:43 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 8/7/2010 4:17:43 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 8/7/2010 4:17:57 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pxscan

Error - 8/7/2010 4:20:41 PM | Computer Name = CARMEN-56D286DD | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 8/7/2010 4:21:55 PM | Computer Name = CARMEN-56D286DD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
livelaughlove
Active Member
 
Posts: 4
Joined: August 14th, 2010, 6:33 pm

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

by deltalima » August 18th, 2010, 4:11 pm

Hi livelaughlove,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

Backup Your Registry:
* Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
* Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
* Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
* OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    O4 - HKLM\..\Run: [vc dead user mail] C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead\findsupport.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [LOGOPROC] C:\DOCUME~1\Carmen\APPLIC~1\flapview\BindShimHide.exe
    :files
    C:\WINDOWS\tasks\655996F28AC4AC52.job
    C:\DOCUME~1\Carmen\APPLIC~1\flapview
    C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead
    C:\Documents and Settings\NetworkService\Application Data\flapview
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run Malwarebytes, update and run a quick scan and post the log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
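
A review aid for the fix script in the post above, added here as an example and not part of the thread or of OTL: it splits the script into its `:otl`, `:files` and `:commands` sections and lists the Run entries whose command does not sit under any path in `:files`. The function names and the line pattern are assumptions drawn from this one script, and nothing here states how OTL itself treats each line.

```python
import re
from ntpath import normcase  # Windows path rules on any host OS

# The fix script from the post above, copied verbatim.
FIX_SCRIPT = r"""
:otl
O4 - HKLM\..\Run: [vc dead user mail] C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead\findsupport.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [LOGOPROC] C:\DOCUME~1\Carmen\APPLIC~1\flapview\BindShimHide.exe
:files
C:\WINDOWS\tasks\655996F28AC4AC52.job
C:\DOCUME~1\Carmen\APPLIC~1\flapview
C:\Documents and Settings\All Users\Application Data\Proxy poll vc dead
C:\Documents and Settings\NetworkService\Application Data\flapview
:commands
[EMPTYTEMP]
[REBOOT]
"""

# Assumed shape of an O4 Run line, taken from the three lines in this script.
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

def parse_fix(script):
    """Split the script into its ':section' blocks (names lower-cased)."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def run_entries(sections):
    """Return (hive, value name, command) for each O4 Run line under :otl."""
    return [m.groups() for m in map(RUN_LINE.match, sections.get("otl", [])) if m]

def uncovered_run_entries(sections):
    """Run entries whose command is not under any path listed in :files.
    Text comparison only: 8.3 short names are not expanded to long names."""
    roots = [normcase(p) + "\\" for p in sections.get("files", [])]
    return [(hive, name) for hive, name, cmd in run_entries(sections)
            if not any(normcase(cmd).startswith(r) for r in roots)]
```

For this script the only uncovered entry is the `UserFaultCheck` value, whose command points into `%systemroot%\system32` rather than into one of the listed directories.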

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

by livelaughlove » August 19th, 2010, 12:47 am

Hi deltalima

Yes, I have had cracked programs -- I don't use them now. Those were my noob days (dated back 2005?)
And yes, I would love to remove them. Problem is, I don't know how to remove them? =S I can remove the PS CS2 and Sai. Are there any other ones? I think those are the only ones I can remember being downloaded. Please notify me if any

I don't think I was infected by using those programs... haven't used them for a very long time. I was vulnerable to viruses because I didn't update my PC =S (at least, a previous person told me so? I was on Windows SP2 when the nasty IEXPLORE.exe showed up but while patching, it got rid but some nasties came in :S. )

The ERUNT program that you asked me to extract, which I did, but there is no folder?
here's the screen shot:
Image
livelaughlove
Active Member
 
Posts: 4
Joined: August 14th, 2010, 6:33 pm

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

by deltalima » August 19th, 2010, 3:18 am

Hi livelaughlove,

"I would love to remove them. Problem is, I don't know how to remove them? =S I can remove the PS CS2 and Sai"


  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Adobe Photoshop CS2
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Please use this same method to remove any other programs that you do not have a valid license for.

"The ERUNT program that you asked me to extract, which I did, but there is no folder?"


It looks like you unzipped the files to the desktop instead of a folder. Please remove the files and unzip again, you should be prompted for where to unzip to and ensure that the folder erunt on the desktop is selected.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects, keyboard/mouse frozen, winlogon.exe er

by NonSuch » August 22nd, 2010, 5:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California