Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Totally lost and need help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Totally lost and need help

Unread postby Mel Adjusted » January 5th, 2011, 1:44 am

My Comodo said I had a virus..TrojWare32.TrojanProxy.Horse~0@25568469.. So I shut my computer off and tried to reboot in safe mode and it wont allow me to boot in safe mode. Sometimes my keyboard don't work now and I reboot till it works again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:32 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\LEXBCES.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\LEXPPS.EXE
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
G:\program files\new folder\update\realsched.exe
H:\Program Files\ThreatFire\TFTray.exe
G:\Program Files\Common Files\Java\Java Update\jusched.exe
G:\Program Files\AVG\AVGLS9\avgwdsvc.exe
G:\Program Files\COMODO\COMODO Internet Security\cfp.exe
G:\Program Files\Softwin\BitDefender10\bdagent.exe
G:\PROGRA~1\AVG\AVGLS9\avgtray.exe
G:\WINDOWS\system32\svchost.exe
H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
G:\Program Files\Common Files\Nuance\dgnsvc.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\Program Files\Windows Live\Messenger\msnmsgr.exe
G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
G:\Program Files\DU Meter\DUMeterSvc.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\Maxtor\Sync\SyncServices.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\system32\PnkBstrB.exe
G:\Program Files\AVG\AVGLS9\avgnsx.exe
G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\Program Files\ThreatFire\TFService.exe
G:\Program Files\Webroot\Washer\WasherSvc.exe
G:\Program Files\Skype\Plugin Manager\skypePM.exe
G:\Program Files\Windows Live\Contacts\wlcomm.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe
G:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVGLS9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\program files\new folder\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [BDAgent] "G:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\AVG\AVGLS9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SmartRAM] "H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://G:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: The Gaming Club - {CFA80FFD-AE33-436C-8488-CCF561F1FECF} - G:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0257624859
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17496C10-8644-4DD8-B7DD-9175FE1E9F98}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVGLS9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DfLogon - G:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: AVG LinkScanner®9 WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVGLS9\avgwdsvc.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - G:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - G:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Imapi Helper - Alex Feinman - G:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - G:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - G:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10324 bytes
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm
Advertisement
Register to Remove

Re: Totally lost and need help

Unread postby MWR 3 day Mod » January 9th, 2011, 2:46 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Totally lost and need help

Unread postby deltalima » January 9th, 2011, 11:13 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby deltalima » January 9th, 2011, 11:23 am

Hi Mel Adjusted,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 9th, 2011, 8:25 pm

OK..I opened up Hijack This and I don't see a System Tools...What am or where am I suppose to be looking for it?
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby Mel Adjusted » January 9th, 2011, 8:56 pm

This computer is used for home use... I must say your instructions a confusing..
I opened HighJacjThis and My only options are, SCAN, INFO ON SELECTED ITEM, MAIN MENU, INFO, CONFIG and UPLOAD TO TRENDSECURE

I Downloaded Security Check and ran it as instructed... When it was done it said CHECK FINISHED...where do I find the "Checkup.txt" so I can save it to my desk top?

So far were batting "0" zero...
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby Mel Adjusted » January 9th, 2011, 10:34 pm

OK here's my Checkup results..
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
CleanMyPC - Registry Cleaner
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.3.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Softwin BitDefender10 bdagent.exe
BillP Studios WinPatrol winpatrol.exe
``````````End of Log````````````
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 10th, 2011, 4:59 am

Hi Mel Adjusted,

I must say your instructions a confusing.


Please read the instructions here that you should have read before posting and follow the instructions to post An Uninstall List.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 10th, 2011, 5:22 am

2X-Office 7.80
7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11
Advanced Registry Optimizer
Advanced SystemCare 3
Any Video Converter 2.7.6
Apple Application Support
ASCOM Platform 3.0
Asistente Prodigy
Auslogics Duplicate File Finder
AV Voice Changer Software DIAMOND 6.0
AVG LinkScanner® 9.0
Bejeweled 3
Belarc Advisor 8.1
CCleaner
Chicken Invaders 3 - Christmas Edition (remove only)
CleanMyPC - Registry Cleaner
Clock Screen Saver
COMODO Internet Security
COMODO livePCsupport
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Digital Clock Screen Saver
Drag Racer 3.0
Dragon NaturallySpeaking 11
DSL Speed V4.6
DU Meter
DVD-CLONER V7.00 Build 990
ebgcInfra
ebgcRes
ebgcSDK
FotoSketcher - Version 1.9
Full Tilt Poker
Game Booster
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
HDView for Internet Explorer
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IHRA Drag Racing Sportsman Edition
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
ISO Recorder
IZArc 4.0 beta 1
Jardinains!
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Mega Codec Pack 4.1.7
Logitech Gaming Software 5.08
Luxor 2 (remove only)
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
Maxtor Manager
Maxtor Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monster Trux Extreme - Offroad Edition
Mozilla Firefox (3.6.13)
MSN
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
myWIFIzone
OpenOffice.org 3.1
Paint.NET v3.5.6
PakMan 2008
Performance USB keyboard hotkey blocker
Pocket Tanks
PokerStars
PokerStars.net
Popcap Game Collection
PowerISO
QuickTime
QuuxPlayer
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RichoSoft SetUp Monitor
Rosetta Stone Version 3
Satellite TV Media Player 4.5
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Skype™ 5.0
Smart Defrag
Sprint Cars - Road to Knoxville
Starry Night Pro 5
SUPERAntiSpyware Free Edition
System Explorer 2.0.5
System Requirements Lab
System Requirements Lab
The KMPlayer (remove only)
TheTreasuresOfMontezuma2
ThreatFire
Total Pinball 25
TweakMASTER
Ultra Flash Video FLV Converter 3.9.1120
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB PC Camera Plus
Virtual Engine Calculator Advanced
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
Webcam Capture
What's Running 2.2
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Rights Management Client with Service Pack 2
WinPatrol
Word Magic Professional Suite Premier 5.2
Yahoo! Toolbar
YouTube Downloader 2.5.3
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 10th, 2011, 5:30 am

Hi Mel Adjusted,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 10th, 2011, 5:46 am

deltalama, The GME Rootkit Scanner ask's "Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive."
I don't have a "C" drive.... It's "G" "C"="G"
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 10th, 2011, 5:48 am

Leave just G: ticked - the system drive.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 10th, 2011, 11:27 pm

OTL
OTL logfile created on: 1/10/2011 1:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Documents and Settings\K. Albert 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive G: | 76.68 Gb Total Space | 34.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 171.16 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

Computer Name: ALBERT2 | User Name: K. Albert 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe (OldTimer Tools)
PRC - G:\Program Files\new folder\Update\realsched.exe (RealNetworks, Inc.)
PRC - G:\Program Files\AVG\AVGLS9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - H:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - G:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - G:\Program Files\AVG\AVGLS9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
PRC - H:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - G:\Program Files\AVG\AVGLS9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - H:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - H:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - G:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
PRC - G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - G:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - G:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)


========== Modules (SafeList) ==========

MOD - G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe (OldTimer Tools)
MOD - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - G:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - G:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - G:\WINDOWS\system32\guard32.dll (COMODO)
MOD - H:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - H:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (DFServ) -- File not found
SRV - (FLEXnet Licensing Service) -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cmdAgent) -- G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (DragonSvc) -- G:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (avg9wd) -- G:\Program Files\AVG\AVGLS9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- G:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CLPSLS) -- G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (ThreatFire) -- H:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (DUMeterSvc) -- G:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
SRV - (SeaPort) -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- G:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (wwEngineSvc) -- G:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (Imapi Helper) -- G:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (VBoxNetFlt) -- G:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (Lbd) -- G:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (FXDrv32) -- E:\FXDrv32.sys File not found
DRV - (catchme) -- G:\ComboFix\catchme.sys File not found
DRV - (BDRsDrv) -- G:\Program Files\Softwin\BitDefender10\bdrsdrv.sys File not found
DRV - (BDFsDrv) -- G:\Program Files\Softwin\BitDefender10\bdfsdrv.sys File not found
DRV - (bdfdll) -- G:\Program Files\Softwin\BitDefender10\bdfdll.sys File not found
DRV - (Inspect) -- G:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- G:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- G:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (cmdGuard) -- G:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (AvgTdiX) -- G:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- G:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- H:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DeepFrz) -- G:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (TfSysMon) -- G:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- G:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- G:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (CopyHDDVDHlp) -- G:\WINDOWS\system32\drivers\copyhddvdhlp.sys ()
DRV - (DVDHlp) -- G:\WINDOWS\system32\drivers\dvdhlp.sys (SlySoft, Inc.)
DRV - (VBoxNetAdp) -- G:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (ElbyCDI0) -- G:\WINDOWS\system32\drivers\ElbyCDI0.sys (Elaborate Bytes AG)
DRV - (WmXlCore) -- G:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- G:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- G:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- G:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- G:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (SCDEmu) -- G:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Tcpip6) -- G:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- G:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MXOPSWD) -- G:\WINDOWS\system32\drivers\mxopswd.sys ()
DRV - (Amusbprt) -- G:\WINDOWS\system32\drivers\Amusbprt.sys ((Standard mouse types))
DRV - (Amfilter) -- G:\WINDOWS\system32\drivers\Amfilter.sys ((Standard mouse types))
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- G:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (thdudf) -- G:\WINDOWS\system32\drivers\thdudf.sys (TOSHIBA Corporation)
DRV - (myWIFIzone) -- G:\WINDOWS\system32\drivers\myWIFIzone.sys (myWIFIzone.com)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- G:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?st=1
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Sal the Foot Mob Wars Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2602812&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "MSN.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVGLS9\Firefox [2010/11/24 08:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/24 06:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/12/25 10:03:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/12/24 06:16:26 | 000,000,000 | ---D | M]

[2009/06/30 06:17:23 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Extensions
[2010/12/24 06:24:11 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions
[2009/08/14 09:22:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 19:27:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/04 01:02:19 | 000,000,000 | ---D | M] (Read it Later) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\isreaditlater@ideashower.com
[2010/06/10 22:42:06 | 000,000,945 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\conduit.xml
[2010/01/24 07:27:08 | 000,005,493 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\startpage-https.xml
[2010/01/24 07:27:08 | 000,005,471 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\startpage.xml
[2010/12/24 06:24:11 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2010/04/20 19:27:48 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 00:16:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/20 20:06:27 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/21 00:09:52 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/08 12:44:33 | 000,000,000 | ---D | M] (Hide My IP) -- G:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010/12/24 06:15:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- G:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/24 08:26:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVGLS9\FIREFOX
[2009/07/02 08:56:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/16 18:35:15 | 000,000,027 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVGLS9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] G:\Program Files\AVG\AVGLS9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDAgent] G:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [COMODO Internet Security] G:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] G:\program files\new folder\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003..\Run: [ISUSPM] G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003..\Run: [SmartRAM] H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab ... detect.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 0257624859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - G:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVGLS9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - G:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - G:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/30 01:30:50 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:G /k:H *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 01:37:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe
[2011/01/10 01:16:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\K. Albert 2\Start Menu\Programs\HiJackThis
[2011/01/04 14:50:48 | 000,000,000 | ---D | C] -- G:\WINDOWS\pss
[2010/12/29 20:14:10 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/12/26 12:24:06 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Macrovision Shared
[2010/12/26 12:23:57 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2010/12/26 12:23:33 | 000,000,000 | ---D | C] -- G:\Program Files\Rosetta Stone
[2010/12/26 12:23:33 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/24 06:15:57 | 000,000,000 | ---D | C] -- G:\Program Files\Real
[2010/12/24 06:15:49 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2010/12/24 06:15:26 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\rmoc3260.dll
[2010/12/24 06:14:54 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5016.dll
[2010/12/24 06:14:54 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5032.dll
[2010/12/24 06:14:52 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Real
[2010/12/24 06:14:51 | 000,272,896 | ---- | C] (Progressive Networks) -- G:\WINDOWS\System32\pncrt.dll
[2010/12/24 06:14:22 | 000,000,000 | ---D | C] -- G:\Program Files\new folder
[2010/12/21 00:09:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/12/21 00:09:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/12/21 00:09:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/12/19 03:21:17 | 000,000,000 | ---D | C] -- G:\Documents and Settings\K. Albert 2\Application Data\FLEXnet
[2010/12/19 02:43:15 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\IVA
[2010/12/19 02:42:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Nuance
[2010/12/19 02:36:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/19 02:36:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/12/19 02:35:37 | 000,000,000 | ---D | C] -- G:\WINDOWS\speech
[2010/12/19 02:24:56 | 000,833,342 | ---- | C] ( ) -- G:\WINDOWS\System32\regw2.exe
[2010/12/16 06:18:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\FreeGamePick.com
[2010/12/11 22:45:34 | 000,000,000 | RH-D | C] -- G:\Documents and Settings\K. Albert 2\Recent
[2010/12/11 22:16:49 | 000,000,000 | ---D | C] -- G:\Program Files\Best Registry Software
[2009/06/30 05:25:31 | 000,147,456 | ---- | C] ( ) -- G:\WINDOWS\System32\rsnpstd3.dll
[2009/06/30 05:25:31 | 000,061,440 | ---- | C] ( ) -- G:\WINDOWS\System32\vsnpstd3.dll
[2009/06/30 05:25:31 | 000,053,248 | ---- | C] ( ) -- G:\WINDOWS\System32\csnpstd3.dll
[2009/06/30 05:25:31 | 000,053,248 | ---- | C] ( ) -- G:\WINDOWS\csnpstd3.dll
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 13:34:37 | 001,474,832 | ---- | M] () -- G:\WINDOWS\System32\drivers\sfi.dat
[2011/01/10 13:32:43 | 000,000,396 | ---- | M] () -- G:\WINDOWS\tasks\SmartDefrag.job
[2011/01/10 13:11:48 | 000,000,290 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2011/01/10 13:11:47 | 000,000,298 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2011/01/10 12:46:01 | 000,000,896 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 11:46:07 | 000,000,892 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 02:27:01 | 000,000,000 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\prvlcl.dat
[2011/01/10 01:38:43 | 000,296,448 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\08pvg4gu.exe
[2011/01/10 01:37:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe
[2011/01/10 01:25:04 | 000,002,459 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\HiJackThis.lnk
[2011/01/10 00:29:09 | 000,002,265 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/09 17:56:00 | 000,000,400 | ---- | M] () -- G:\WINDOWS\tasks\AWC Update.job
[2011/01/09 16:32:56 | 000,879,047 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\SecurityCheck.exe
[2011/01/08 18:06:28 | 000,677,781 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Democracy at Work.zip
[2011/01/07 00:25:40 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2011/01/07 00:24:06 | 000,000,388 | ---- | M] () -- G:\WINDOWS\tasks\AWC AutoSweep.job
[2011/01/07 00:06:45 | 000,000,784 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 15:10:51 | 004,595,986 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\best glue commercial.zip
[2011/01/06 07:47:18 | 000,001,329 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Shortcut to Cu Cu Ru Cu Cu Paloma Harry Belafonte.lnk
[2011/01/04 02:52:51 | 000,002,291 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\My WIFI Zone.lnk
[2010/12/31 00:11:39 | 005,153,789 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\THINK YOU CAN DRIVE A BOAT.zip
[2010/12/29 19:12:10 | 000,000,708 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\QuuxPlayer.lnk
[2010/12/29 19:12:10 | 000,000,708 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Internet Explorer\Quick Launch\QuuxPlayer.lnk
[2010/12/26 13:18:31 | 000,002,477 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Rosetta Stone Version 3.lnk
[2010/12/24 06:16:03 | 000,000,685 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/24 06:15:26 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\rmoc3260.dll
[2010/12/24 06:14:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5016.dll
[2010/12/24 06:14:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5032.dll
[2010/12/24 06:14:51 | 000,272,896 | ---- | M] (Progressive Networks) -- G:\WINDOWS\System32\pncrt.dll
[2010/12/21 23:07:33 | 015,103,144 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\kmp.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 02:24:56 | 000,833,342 | ---- | M] ( ) -- G:\WINDOWS\System32\regw2.exe
[2010/12/13 17:47:48 | 000,001,813 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 01:38:36 | 000,296,448 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\08pvg4gu.exe
[2011/01/09 16:32:49 | 000,879,047 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\SecurityCheck.exe
[2011/01/08 18:06:17 | 000,677,781 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Democracy at Work.zip
[2011/01/06 15:10:39 | 004,595,986 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\best glue commercial.zip
[2011/01/06 07:47:18 | 000,001,329 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Shortcut to Cu Cu Ru Cu Cu Paloma Harry Belafonte.lnk
[2011/01/04 10:37:20 | 000,000,396 | ---- | C] () -- G:\WINDOWS\tasks\SmartDefrag.job
[2010/12/31 00:11:28 | 005,153,789 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\THINK YOU CAN DRIVE A BOAT.zip
[2010/12/26 12:25:56 | 000,002,477 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Rosetta Stone Version 3.lnk
[2010/12/24 06:17:20 | 000,000,290 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2010/12/24 06:17:18 | 000,000,298 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2010/12/24 06:16:03 | 000,000,685 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/21 23:06:21 | 015,103,144 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\kmp.exe
[2010/06/20 12:40:54 | 000,000,341 | ---- | C] () -- G:\WINDOWS\dellstat.ini
[2010/06/20 12:40:03 | 000,040,960 | ---- | C] () -- G:\WINDOWS\System32\dlbcvs.dll
[2010/06/20 12:40:01 | 000,000,373 | ---- | C] () -- G:\WINDOWS\System32\dlbccoin.ini
[2010/05/11 10:57:43 | 000,065,536 | ---- | C] () -- G:\WINDOWS\System32\LogonDll.dll
[2010/05/05 22:13:32 | 000,000,000 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\prvlcl.dat
[2010/03/19 18:18:01 | 000,000,319 | ---- | C] () -- G:\WINDOWS\cavscan.INI
[2010/02/19 13:00:52 | 000,000,205 | ---- | C] () -- G:\WINDOWS\WinInit.Ini
[2010/02/18 09:02:37 | 000,042,496 | ---- | C] () -- G:\WINDOWS\System32\ElbyHlper.dll
[2010/02/18 09:02:37 | 000,005,632 | ---- | C] () -- G:\WINDOWS\System32\drivers\copyhddvdhlp.sys
[2010/02/08 23:17:51 | 000,000,635 | ---- | C] () -- G:\WINDOWS\rtcwgoty.INI
[2010/02/08 23:11:26 | 000,000,758 | ---- | C] () -- G:\WINDOWS\Rtcwplat.INI
[2010/01/19 23:34:58 | 000,000,181 | ---- | C] () -- G:\WINDOWS\SIERRA.INI
[2009/12/07 20:56:32 | 000,151,552 | ---- | C] () -- G:\WINDOWS\System32\SecureNet.dll
[2009/12/07 01:01:27 | 000,348,160 | ---- | C] () -- G:\WINDOWS\System32\Rivet200.dll
[2009/11/12 18:54:24 | 000,000,600 | ---- | C] () -- G:\WINDOWS\Rtcw.INI
[2009/08/19 03:49:54 | 000,000,062 | ---- | C] () -- G:\WINDOWS\MyProg.ini
[2009/08/19 03:05:31 | 000,000,113 | ---- | C] () -- G:\WINDOWS\winzipme.ini
[2009/08/19 03:03:03 | 000,155,648 | ---- | C] () -- G:\WINDOWS\System32\addurl41.DLL
[2009/08/19 03:03:03 | 000,018,432 | ---- | C] () -- G:\WINDOWS\System32\winwatch.DLL
[2009/08/15 15:07:45 | 000,129,024 | ---- | C] () -- G:\WINDOWS\System32\AVERM.dll
[2009/08/15 15:07:44 | 000,028,672 | ---- | C] () -- G:\WINDOWS\System32\AVEQT.dll
[2009/08/13 14:27:42 | 000,000,165 | ---- | C] () -- G:\WINDOWS\startUp manager.INI
[2009/07/08 10:17:11 | 000,000,046 | ---- | C] () -- G:\WINDOWS\RmFile.ini
[2009/07/06 01:47:35 | 000,000,235 | ---- | C] () -- G:\WINDOWS\VECalc.INI
[2009/07/03 02:48:32 | 000,003,840 | ---- | C] () -- G:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/30 05:25:33 | 000,015,498 | ---- | C] () -- G:\WINDOWS\snpstd3.ini
[2009/06/30 03:50:00 | 000,168,208 | ---- | C] () -- G:\WINDOWS\System32\guard32(2)(2).dll
[2009/06/30 02:39:53 | 000,030,208 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 02:02:15 | 000,126,976 | ---- | C] () -- G:\WINDOWS\System32\e1000msg.dll
[2009/06/30 01:31:08 | 000,164,352 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2009/06/30 01:31:08 | 000,000,038 | ---- | C] () -- G:\WINDOWS\avisplitter.ini
[2009/06/30 01:31:02 | 000,007,680 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2009/06/30 01:25:54 | 000,059,904 | ---- | C] () -- G:\WINDOWS\System32\zlib1.dll
[2009/06/30 01:25:47 | 000,394,752 | ---- | C] () -- G:\WINDOWS\System32\cygwinb19.dll
[2009/06/29 18:08:42 | 000,004,161 | ---- | C] () -- G:\WINDOWS\ODBCINST.INI
[2008/04/14 04:00:00 | 000,693,792 | ---- | C] () -- G:\WINDOWS\System32\OGACheckControl.DLL
[2008/03/24 08:47:02 | 000,000,012 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Application Data\userdic.tlx
[2007/05/03 12:37:08 | 000,022,152 | ---- | C] () -- G:\WINDOWS\System32\drivers\mxopswd.sys
[2007/04/07 03:22:06 | 000,032,768 | ---- | C] () -- G:\WINDOWS\System32\Amhooker.dll
[2007/01/31 12:50:32 | 000,913,408 | ---- | C] () -- G:\WINDOWS\System32\xreglib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 100 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1

< End of report >

EXTRAS
OTL Extras logfile created on: 1/10/2011 1:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Documents and Settings\K. Albert 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive G: | 76.68 Gb Total Space | 34.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 171.16 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

Computer Name: ALBERT2 | User Name: K. Albert 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\Program Files\AVG\AVGLS9\avgupd.exe" = G:\Program Files\AVG\AVGLS9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"G:\Program Files\AVG\AVGLS9\avgnsx.exe" = G:\Program Files\AVG\AVGLS9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{01AF8EF9-CF10-4A60-9787-27A4CFD81920}" = Word Magic Professional Suite Premier 5.2
"{069F290E-8895-452A-B32C-2195FEA5DEB0}" = Webcam Capture
"{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13FC7B28-A757-4E4B-A25B-9D0078518893}" = Virtual Engine Calculator Advanced
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C7B9B03-4D9B-4F5F-9637-E1BA76ADF889}" = Satellite TV Media Player 4.5
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{377B2121-65F6-4C5F-998F-5284DEF41F3E}" = COMODO livePCsupport
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{402B9DFC-F6DB-4FF7-B01C-7B97D8C45114}" = myWIFIzone
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A90A9CE-0B49-4A02-94F5-C864BA33A916}" = Performance USB keyboard hotkey blocker
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{63391350-41D4-4181-9D68-038777020C38}" = System Requirements Lab
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86076752-37A4-41E6-BFC4-73186683AF7B}" = Sprint Cars - Road to Knoxville
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AF95557C-A14A-42D2-8C9D-E9650D1A8016}" = Asistente Prodigy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB33664C-5683-40AB-B968-01276F6F3446}" = ebgcRes
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7A44641-968D-4883-9DDA-88CB591DB93F}" = IHRA Drag Racing Sportsman Edition
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Any Video Converter_is1" = Any Video Converter 2.7.6
"ASCOM Platform 3.0" = ASCOM Platform 3.0
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Avg9LsUninstall" = AVG LinkScanner® 9.0
"Bejeweled 31.0" = Bejeweled 3
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"Chicken Invaders 3 - Christmas Edition" = Chicken Invaders 3 - Christmas Edition (remove only)
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Digital Clock Screen Saver_is1" = Digital Clock Screen Saver
"Drag Racer" = Drag Racer 3.0
"DSL Speed V4.6_is1" = DSL Speed V4.6
"DUMeter3_is1" = DU Meter
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"FotoSketcher_is1" = FotoSketcher - Version 1.9
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HideMyIP2009 1.00" = HideMyIP2009 1.00
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"Jardinains!" = Jardinains!
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"Luxor 2" = Luxor 2 (remove only)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"PakMan 2008_is1" = PakMan 2008
"Pocket Tanks1.3" = Pocket Tanks
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuuxPlayer" = QuuxPlayer
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"ST6UNST #1" = RichoSoft SetUp Monitor
"Starry Night Pro 5" = Starry Night Pro 5
"System Explorer_is1" = System Explorer 2.0.5
"The KMPlayer" = The KMPlayer (remove only)
"TheTreasuresOfMontezuma21.0" = TheTreasuresOfMontezuma2
"Total Pinball 25_is1" = Total Pinball 25
"twkmastr1_is1" = TweakMASTER
"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.9.1120
"What's Running_is1" = What's Running 2.2
"WheelMouse" = 2X-Office 7.80
"Window Washer" = Window Washer
"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"King's Quest I" = King's Quest I
"King's Quest II" = King's Quest II
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2011 10:04:34 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/8/2011 2:21:33 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/8/2011 7:00:23 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/8/2011 10:04:43 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/9/2011 7:00:24 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/9/2011 10:05:01 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/9/2011 10:46:38 PM | Computer Name = ALBERT2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/10/2011 3:04:25 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Data Collection'
task

Error - 1/10/2011 7:00:26 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/10/2011 10:05:08 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

[ System Events ]
Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for g:\program files\new folder\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for g:\program files\new folder\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/9/2011 3:41:33 AM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 5:51:58 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 6:04:07 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 6:16:26 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.


< End of report >

I tried to run the GMER in Normal mode and Safe mode and it wouldn't let ne run it...
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby Mel Adjusted » January 10th, 2011, 11:27 pm

OTL
OTL logfile created on: 1/10/2011 1:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Documents and Settings\K. Albert 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive G: | 76.68 Gb Total Space | 34.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 171.16 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

Computer Name: ALBERT2 | User Name: K. Albert 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe (OldTimer Tools)
PRC - G:\Program Files\new folder\Update\realsched.exe (RealNetworks, Inc.)
PRC - G:\Program Files\AVG\AVGLS9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - H:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - G:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - G:\Program Files\AVG\AVGLS9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
PRC - H:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - G:\Program Files\AVG\AVGLS9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - H:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - H:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - G:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
PRC - G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - G:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - G:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)


========== Modules (SafeList) ==========

MOD - G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe (OldTimer Tools)
MOD - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - G:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - G:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - G:\WINDOWS\system32\guard32.dll (COMODO)
MOD - H:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - H:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (DFServ) -- File not found
SRV - (FLEXnet Licensing Service) -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cmdAgent) -- G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (DragonSvc) -- G:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (avg9wd) -- G:\Program Files\AVG\AVGLS9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- G:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CLPSLS) -- G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (ThreatFire) -- H:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (DUMeterSvc) -- G:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
SRV - (SeaPort) -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- G:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (wwEngineSvc) -- G:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (Imapi Helper) -- G:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (VBoxNetFlt) -- G:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (Lbd) -- G:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (FXDrv32) -- E:\FXDrv32.sys File not found
DRV - (catchme) -- G:\ComboFix\catchme.sys File not found
DRV - (BDRsDrv) -- G:\Program Files\Softwin\BitDefender10\bdrsdrv.sys File not found
DRV - (BDFsDrv) -- G:\Program Files\Softwin\BitDefender10\bdfsdrv.sys File not found
DRV - (bdfdll) -- G:\Program Files\Softwin\BitDefender10\bdfdll.sys File not found
DRV - (Inspect) -- G:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- G:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- G:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (cmdGuard) -- G:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (AvgTdiX) -- G:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- G:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- H:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DeepFrz) -- G:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (TfSysMon) -- G:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- G:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- G:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (CopyHDDVDHlp) -- G:\WINDOWS\system32\drivers\copyhddvdhlp.sys ()
DRV - (DVDHlp) -- G:\WINDOWS\system32\drivers\dvdhlp.sys (SlySoft, Inc.)
DRV - (VBoxNetAdp) -- G:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (ElbyCDI0) -- G:\WINDOWS\system32\drivers\ElbyCDI0.sys (Elaborate Bytes AG)
DRV - (WmXlCore) -- G:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- G:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- G:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- G:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- G:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (SCDEmu) -- G:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Tcpip6) -- G:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (BANTExt) -- G:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MXOPSWD) -- G:\WINDOWS\system32\drivers\mxopswd.sys ()
DRV - (Amusbprt) -- G:\WINDOWS\system32\drivers\Amusbprt.sys ((Standard mouse types))
DRV - (Amfilter) -- G:\WINDOWS\system32\drivers\Amfilter.sys ((Standard mouse types))
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- G:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (thdudf) -- G:\WINDOWS\system32\drivers\thdudf.sys (TOSHIBA Corporation)
DRV - (myWIFIzone) -- G:\WINDOWS\system32\drivers\myWIFIzone.sys (myWIFIzone.com)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- G:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?st=1
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Sal the Foot Mob Wars Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2602812&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "MSN.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVGLS9\Firefox [2010/11/24 08:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/24 06:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/12/25 10:03:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/12/24 06:16:26 | 000,000,000 | ---D | M]

[2009/06/30 06:17:23 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Extensions
[2010/12/24 06:24:11 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions
[2009/08/14 09:22:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 19:27:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/04 01:02:19 | 000,000,000 | ---D | M] (Read it Later) -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\extensions\isreaditlater@ideashower.com
[2010/06/10 22:42:06 | 000,000,945 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\conduit.xml
[2010/01/24 07:27:08 | 000,005,493 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\startpage-https.xml
[2010/01/24 07:27:08 | 000,005,471 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\searchplugins\startpage.xml
[2010/12/24 06:24:11 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2010/04/20 19:27:48 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 00:16:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/20 20:06:27 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/21 00:09:52 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/08 12:44:33 | 000,000,000 | ---D | M] (Hide My IP) -- G:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010/12/24 06:15:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- G:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/24 08:26:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVGLS9\FIREFOX
[2009/07/02 08:56:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/16 18:35:15 | 000,000,027 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVGLS9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] G:\Program Files\AVG\AVGLS9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDAgent] G:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [COMODO Internet Security] G:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] G:\program files\new folder\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003..\Run: [ISUSPM] G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003..\Run: [SmartRAM] H:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab ... detect.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 0257624859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - G:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVGLS9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - G:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - G:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/30 01:30:50 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:G /k:H *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 01:37:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe
[2011/01/10 01:16:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\K. Albert 2\Start Menu\Programs\HiJackThis
[2011/01/04 14:50:48 | 000,000,000 | ---D | C] -- G:\WINDOWS\pss
[2010/12/29 20:14:10 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/12/26 12:24:06 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Macrovision Shared
[2010/12/26 12:23:57 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2010/12/26 12:23:33 | 000,000,000 | ---D | C] -- G:\Program Files\Rosetta Stone
[2010/12/26 12:23:33 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/24 06:15:57 | 000,000,000 | ---D | C] -- G:\Program Files\Real
[2010/12/24 06:15:49 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2010/12/24 06:15:26 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\rmoc3260.dll
[2010/12/24 06:14:54 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5016.dll
[2010/12/24 06:14:54 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5032.dll
[2010/12/24 06:14:52 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Real
[2010/12/24 06:14:51 | 000,272,896 | ---- | C] (Progressive Networks) -- G:\WINDOWS\System32\pncrt.dll
[2010/12/24 06:14:22 | 000,000,000 | ---D | C] -- G:\Program Files\new folder
[2010/12/21 00:09:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/12/21 00:09:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/12/21 00:09:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/12/19 03:21:17 | 000,000,000 | ---D | C] -- G:\Documents and Settings\K. Albert 2\Application Data\FLEXnet
[2010/12/19 02:43:15 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\IVA
[2010/12/19 02:42:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Nuance
[2010/12/19 02:36:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/19 02:36:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/12/19 02:35:37 | 000,000,000 | ---D | C] -- G:\WINDOWS\speech
[2010/12/19 02:24:56 | 000,833,342 | ---- | C] ( ) -- G:\WINDOWS\System32\regw2.exe
[2010/12/16 06:18:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\FreeGamePick.com
[2010/12/11 22:45:34 | 000,000,000 | RH-D | C] -- G:\Documents and Settings\K. Albert 2\Recent
[2010/12/11 22:16:49 | 000,000,000 | ---D | C] -- G:\Program Files\Best Registry Software
[2009/06/30 05:25:31 | 000,147,456 | ---- | C] ( ) -- G:\WINDOWS\System32\rsnpstd3.dll
[2009/06/30 05:25:31 | 000,061,440 | ---- | C] ( ) -- G:\WINDOWS\System32\vsnpstd3.dll
[2009/06/30 05:25:31 | 000,053,248 | ---- | C] ( ) -- G:\WINDOWS\System32\csnpstd3.dll
[2009/06/30 05:25:31 | 000,053,248 | ---- | C] ( ) -- G:\WINDOWS\csnpstd3.dll
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 13:34:37 | 001,474,832 | ---- | M] () -- G:\WINDOWS\System32\drivers\sfi.dat
[2011/01/10 13:32:43 | 000,000,396 | ---- | M] () -- G:\WINDOWS\tasks\SmartDefrag.job
[2011/01/10 13:11:48 | 000,000,290 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2011/01/10 13:11:47 | 000,000,298 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2011/01/10 12:46:01 | 000,000,896 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 11:46:07 | 000,000,892 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 02:27:01 | 000,000,000 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\prvlcl.dat
[2011/01/10 01:38:43 | 000,296,448 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\08pvg4gu.exe
[2011/01/10 01:37:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\K. Albert 2\Desktop\OTL.exe
[2011/01/10 01:25:04 | 000,002,459 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\HiJackThis.lnk
[2011/01/10 00:29:09 | 000,002,265 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/09 17:56:00 | 000,000,400 | ---- | M] () -- G:\WINDOWS\tasks\AWC Update.job
[2011/01/09 16:32:56 | 000,879,047 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\SecurityCheck.exe
[2011/01/08 18:06:28 | 000,677,781 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Democracy at Work.zip
[2011/01/07 00:25:40 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2011/01/07 00:24:06 | 000,000,388 | ---- | M] () -- G:\WINDOWS\tasks\AWC AutoSweep.job
[2011/01/07 00:06:45 | 000,000,784 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 15:10:51 | 004,595,986 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\best glue commercial.zip
[2011/01/06 07:47:18 | 000,001,329 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Shortcut to Cu Cu Ru Cu Cu Paloma Harry Belafonte.lnk
[2011/01/04 02:52:51 | 000,002,291 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\My WIFI Zone.lnk
[2010/12/31 00:11:39 | 005,153,789 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\THINK YOU CAN DRIVE A BOAT.zip
[2010/12/29 19:12:10 | 000,000,708 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\QuuxPlayer.lnk
[2010/12/29 19:12:10 | 000,000,708 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Internet Explorer\Quick Launch\QuuxPlayer.lnk
[2010/12/26 13:18:31 | 000,002,477 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\Rosetta Stone Version 3.lnk
[2010/12/24 06:16:03 | 000,000,685 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/24 06:15:26 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\rmoc3260.dll
[2010/12/24 06:14:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5016.dll
[2010/12/24 06:14:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- G:\WINDOWS\System32\pndx5032.dll
[2010/12/24 06:14:51 | 000,272,896 | ---- | M] (Progressive Networks) -- G:\WINDOWS\System32\pncrt.dll
[2010/12/21 23:07:33 | 015,103,144 | ---- | M] () -- G:\Documents and Settings\K. Albert 2\Desktop\kmp.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 02:24:56 | 000,833,342 | ---- | M] ( ) -- G:\WINDOWS\System32\regw2.exe
[2010/12/13 17:47:48 | 000,001,813 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 01:38:36 | 000,296,448 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\08pvg4gu.exe
[2011/01/09 16:32:49 | 000,879,047 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\SecurityCheck.exe
[2011/01/08 18:06:17 | 000,677,781 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Democracy at Work.zip
[2011/01/06 15:10:39 | 004,595,986 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\best glue commercial.zip
[2011/01/06 07:47:18 | 000,001,329 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Shortcut to Cu Cu Ru Cu Cu Paloma Harry Belafonte.lnk
[2011/01/04 10:37:20 | 000,000,396 | ---- | C] () -- G:\WINDOWS\tasks\SmartDefrag.job
[2010/12/31 00:11:28 | 005,153,789 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\THINK YOU CAN DRIVE A BOAT.zip
[2010/12/26 12:25:56 | 000,002,477 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\Rosetta Stone Version 3.lnk
[2010/12/24 06:17:20 | 000,000,290 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2010/12/24 06:17:18 | 000,000,298 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2000478354-1177238915-1003.job
[2010/12/24 06:16:03 | 000,000,685 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/21 23:06:21 | 015,103,144 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Desktop\kmp.exe
[2010/06/20 12:40:54 | 000,000,341 | ---- | C] () -- G:\WINDOWS\dellstat.ini
[2010/06/20 12:40:03 | 000,040,960 | ---- | C] () -- G:\WINDOWS\System32\dlbcvs.dll
[2010/06/20 12:40:01 | 000,000,373 | ---- | C] () -- G:\WINDOWS\System32\dlbccoin.ini
[2010/05/11 10:57:43 | 000,065,536 | ---- | C] () -- G:\WINDOWS\System32\LogonDll.dll
[2010/05/05 22:13:32 | 000,000,000 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\prvlcl.dat
[2010/03/19 18:18:01 | 000,000,319 | ---- | C] () -- G:\WINDOWS\cavscan.INI
[2010/02/19 13:00:52 | 000,000,205 | ---- | C] () -- G:\WINDOWS\WinInit.Ini
[2010/02/18 09:02:37 | 000,042,496 | ---- | C] () -- G:\WINDOWS\System32\ElbyHlper.dll
[2010/02/18 09:02:37 | 000,005,632 | ---- | C] () -- G:\WINDOWS\System32\drivers\copyhddvdhlp.sys
[2010/02/08 23:17:51 | 000,000,635 | ---- | C] () -- G:\WINDOWS\rtcwgoty.INI
[2010/02/08 23:11:26 | 000,000,758 | ---- | C] () -- G:\WINDOWS\Rtcwplat.INI
[2010/01/19 23:34:58 | 000,000,181 | ---- | C] () -- G:\WINDOWS\SIERRA.INI
[2009/12/07 20:56:32 | 000,151,552 | ---- | C] () -- G:\WINDOWS\System32\SecureNet.dll
[2009/12/07 01:01:27 | 000,348,160 | ---- | C] () -- G:\WINDOWS\System32\Rivet200.dll
[2009/11/12 18:54:24 | 000,000,600 | ---- | C] () -- G:\WINDOWS\Rtcw.INI
[2009/08/19 03:49:54 | 000,000,062 | ---- | C] () -- G:\WINDOWS\MyProg.ini
[2009/08/19 03:05:31 | 000,000,113 | ---- | C] () -- G:\WINDOWS\winzipme.ini
[2009/08/19 03:03:03 | 000,155,648 | ---- | C] () -- G:\WINDOWS\System32\addurl41.DLL
[2009/08/19 03:03:03 | 000,018,432 | ---- | C] () -- G:\WINDOWS\System32\winwatch.DLL
[2009/08/15 15:07:45 | 000,129,024 | ---- | C] () -- G:\WINDOWS\System32\AVERM.dll
[2009/08/15 15:07:44 | 000,028,672 | ---- | C] () -- G:\WINDOWS\System32\AVEQT.dll
[2009/08/13 14:27:42 | 000,000,165 | ---- | C] () -- G:\WINDOWS\startUp manager.INI
[2009/07/08 10:17:11 | 000,000,046 | ---- | C] () -- G:\WINDOWS\RmFile.ini
[2009/07/06 01:47:35 | 000,000,235 | ---- | C] () -- G:\WINDOWS\VECalc.INI
[2009/07/03 02:48:32 | 000,003,840 | ---- | C] () -- G:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/30 05:25:33 | 000,015,498 | ---- | C] () -- G:\WINDOWS\snpstd3.ini
[2009/06/30 03:50:00 | 000,168,208 | ---- | C] () -- G:\WINDOWS\System32\guard32(2)(2).dll
[2009/06/30 02:39:53 | 000,030,208 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 02:02:15 | 000,126,976 | ---- | C] () -- G:\WINDOWS\System32\e1000msg.dll
[2009/06/30 01:31:08 | 000,164,352 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2009/06/30 01:31:08 | 000,000,038 | ---- | C] () -- G:\WINDOWS\avisplitter.ini
[2009/06/30 01:31:02 | 000,007,680 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2009/06/30 01:25:54 | 000,059,904 | ---- | C] () -- G:\WINDOWS\System32\zlib1.dll
[2009/06/30 01:25:47 | 000,394,752 | ---- | C] () -- G:\WINDOWS\System32\cygwinb19.dll
[2009/06/29 18:08:42 | 000,004,161 | ---- | C] () -- G:\WINDOWS\ODBCINST.INI
[2008/04/14 04:00:00 | 000,693,792 | ---- | C] () -- G:\WINDOWS\System32\OGACheckControl.DLL
[2008/03/24 08:47:02 | 000,000,012 | ---- | C] () -- G:\Documents and Settings\K. Albert 2\Application Data\userdic.tlx
[2007/05/03 12:37:08 | 000,022,152 | ---- | C] () -- G:\WINDOWS\System32\drivers\mxopswd.sys
[2007/04/07 03:22:06 | 000,032,768 | ---- | C] () -- G:\WINDOWS\System32\Amhooker.dll
[2007/01/31 12:50:32 | 000,913,408 | ---- | C] () -- G:\WINDOWS\System32\xreglib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 100 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1

< End of report >

EXTRAS
OTL Extras logfile created on: 1/10/2011 1:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Documents and Settings\K. Albert 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive G: | 76.68 Gb Total Space | 34.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 171.16 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

Computer Name: ALBERT2 | User Name: K. Albert 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = G:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\Program Files\AVG\AVGLS9\avgupd.exe" = G:\Program Files\AVG\AVGLS9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"G:\Program Files\AVG\AVGLS9\avgnsx.exe" = G:\Program Files\AVG\AVGLS9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = G:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{01AF8EF9-CF10-4A60-9787-27A4CFD81920}" = Word Magic Professional Suite Premier 5.2
"{069F290E-8895-452A-B32C-2195FEA5DEB0}" = Webcam Capture
"{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13FC7B28-A757-4E4B-A25B-9D0078518893}" = Virtual Engine Calculator Advanced
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C7B9B03-4D9B-4F5F-9637-E1BA76ADF889}" = Satellite TV Media Player 4.5
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{377B2121-65F6-4C5F-998F-5284DEF41F3E}" = COMODO livePCsupport
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{402B9DFC-F6DB-4FF7-B01C-7B97D8C45114}" = myWIFIzone
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A90A9CE-0B49-4A02-94F5-C864BA33A916}" = Performance USB keyboard hotkey blocker
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{63391350-41D4-4181-9D68-038777020C38}" = System Requirements Lab
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86076752-37A4-41E6-BFC4-73186683AF7B}" = Sprint Cars - Road to Knoxville
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AF95557C-A14A-42D2-8C9D-E9650D1A8016}" = Asistente Prodigy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB33664C-5683-40AB-B968-01276F6F3446}" = ebgcRes
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7A44641-968D-4883-9DDA-88CB591DB93F}" = IHRA Drag Racing Sportsman Edition
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Any Video Converter_is1" = Any Video Converter 2.7.6
"ASCOM Platform 3.0" = ASCOM Platform 3.0
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Avg9LsUninstall" = AVG LinkScanner® 9.0
"Bejeweled 31.0" = Bejeweled 3
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"Chicken Invaders 3 - Christmas Edition" = Chicken Invaders 3 - Christmas Edition (remove only)
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Digital Clock Screen Saver_is1" = Digital Clock Screen Saver
"Drag Racer" = Drag Racer 3.0
"DSL Speed V4.6_is1" = DSL Speed V4.6
"DUMeter3_is1" = DU Meter
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"FotoSketcher_is1" = FotoSketcher - Version 1.9
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HideMyIP2009 1.00" = HideMyIP2009 1.00
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"Jardinains!" = Jardinains!
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"Luxor 2" = Luxor 2 (remove only)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"PakMan 2008_is1" = PakMan 2008
"Pocket Tanks1.3" = Pocket Tanks
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuuxPlayer" = QuuxPlayer
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"ST6UNST #1" = RichoSoft SetUp Monitor
"Starry Night Pro 5" = Starry Night Pro 5
"System Explorer_is1" = System Explorer 2.0.5
"The KMPlayer" = The KMPlayer (remove only)
"TheTreasuresOfMontezuma21.0" = TheTreasuresOfMontezuma2
"Total Pinball 25_is1" = Total Pinball 25
"twkmastr1_is1" = TweakMASTER
"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.9.1120
"What's Running_is1" = What's Running 2.2
"WheelMouse" = 2X-Office 7.80
"Window Washer" = Window Washer
"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-2000478354-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"King's Quest I" = King's Quest I
"King's Quest II" = King's Quest II
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2011 10:04:34 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/8/2011 2:21:33 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/8/2011 7:00:23 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/8/2011 10:04:43 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/9/2011 7:00:24 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/9/2011 10:05:01 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

Error - 1/9/2011 10:46:38 PM | Computer Name = ALBERT2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/10/2011 3:04:25 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Data Collection'
task

Error - 1/10/2011 7:00:26 AM | Computer Name = ALBERT2 | Source = DragonSvc | ID = 0
Description = Error: Failed to initiate execution of 'NatSpeak Periodic Language
Model Optimization' task

Error - 1/10/2011 10:05:08 AM | Computer Name = ALBERT2 | Source = DUMeterSvc | ID = 0
Description = Cannot create process as user (The system cannot find the file specified)

[ System Events ]
Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/8/2011 2:52:14 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for g:\program files\new folder\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/8/2011 11:35:29 PM | Computer Name = ALBERT2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for g:\program files\new folder\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/9/2011 3:41:33 AM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 5:51:58 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 6:04:07 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.

Error - 1/9/2011 6:16:26 PM | Computer Name = ALBERT2 | Source = DCOM | ID = 10010
Description = The server {548E275F-0290-40E7-B454-738B0C61DE60} did not register
with DCOM within the required timeout.


< End of report >

I tried to run the GMER in Normal mode and Safe mode and it wouldn't let ne run it...
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 11th, 2011, 5:36 am

Hi Mel Adjusted,

I tried to run the GMER in Normal mode and Safe mode and it wouldn't let ne run it...


Please run this alternative scan.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware